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ABSTRACT 


This book is an introductory course in mathematical logic covering 
basic topics in quantification theory and recursive function theory, and is 
intended for the reader who is interested in artificial intelligence, computer 
linguistics, and other related areas. The text is theoretical, but organized 
with implementation in mind. Toward the end there are a few experimental 
subjects aiming toward systems that can examine their own behavior, and 
toward the semantics of programming languages. The arithmetization of 
metamathematics is carried out in LISP rather than in the natural numbers, 
following an axiomatic treatment of LISP. 
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[Dhar Lho said], "Logic is the most important science of all learning. 
If one knows logic, all other studies become secondary. Therefore, I shall 
first discuss logic with you. Generally speaking, logic is the study of judge-~ 
ment and definitions, of which the most important subjects are the studies of 
direct experience, of inference and deduction, of 'sufficient reasoning' and 
'falge reasoning’, of 'non-decisive proofs', and of the patterns for construct- 
ing propositions, Now, tell me about all these-things!""_ | 

[Milarepa replied ...], "What I understand ia that all manifestations 
[consist in] Mind, and Mind is the luminating- Voidness without any shadow 
or impediment. Of this truth I have a decisive understanding; therefore not 
a single trace of inference or deduction can be found in my mind. If you 
want me to give some examples of 'false-reasoning', your own knowledge is 
a good one because it is against the Dharma; and since this 'false reasoning! 
only enhances your cravings and makes them 'sufficient', it is a good example 
of 'sufficient reasoning’. ‘Your hypocritical and pretentious priestly manner 
contains the elements of both 'false' and 'sufficient' reasoning, which in turn 
stand as a good example of 'non-decisive proof',"' 


~The Hundred Thousand Songs of Milarepa- 
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PREFACE 


I would like to discuss first the contents of this book, and then the 
attitudes behind it. _ oe 

The first two chapters are about LISP. In Chapter One, s-expres- 
sions are introduced as a data space, and the basic functions of s-expressions 
are.presented. In Chapter Two, recursive procedures are explained, and 
the recursive functions of.s-expressions. are defined:as: those for which such. 
procedures can be written. There is a discussion of “why these appear to 
include. all effectively computable functions:(‘Puring!s.and/Church's theses). 

Chapters Three and Four are about propesitienal logic. Chapter 
Three introduces the notion of a.deduction from given premises leading toa 
conclusion, and establishes the fact that deductions are mechanical procedures 
that can be checked for corre¢tness by.a computer program. Chapter Four 
considers theories in propasitional logic and models: for:propositional logic, 
and contains consistency and completeness theorems. . Ali.of this. is a dress: 
rehearsal for first order logic, where the same themes will be repeated ina 
richer setting. 

Chapter. Five is a brief interruption of the. dovaicorauet of deductive - 
systems to discuss the concepts "recursive'' and "recursively enumerable", 
and to demonstrate the existence of undecidable ectione such as: ee Le 
halting preblem. ity Sie 

The central portion of the book is about first order: caasncavisn 
theory, specifically first order languages with function and predicate names. 
Chapter Six introduces first order languages, first.erder:models, and the 
semantic notion of. satisfiability. Chapter Seven definea:deduction, proves it 
to be semantically consistent, and presents a-number of standard proof- . 
theoretic results, including the deduction theorem, replacement of equivalents, 
change of bound variables and the choice rule... Chapter: Bight contains the 
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completeness theorem for first order logic in several different forms, 
together with related results such as compactness and the Skolem-L&wenheim 
theorem, Chapter Nine is a bundle of loose ends, which includes the 
extension of first order theories by means of conservative definitions, decida- 
bility, and comparisons with other deductive systems, namely Robinson's 
resolution, and Gentzen-type systems. 

The next topic is the theory of arithmetic, which is the arithmetic of 
the s-expressions, The arithmetic of the natural numbers is treated as a 
Special case of this. The theory is presented informally in Chapter Ten, and 
as a formal first order theory in Chapter Eleven. In both cases, there is an 
emphasis on the strong analogy between Peano's postulates for the natural 
numbers, and the corresponding postulates for s-expressions. 

Chapter Twelve is concerned with the representation of recursive 
functions in the first order theory, which is then used to prove the incom- 
pleteness of arithmetic in three different ways: The first way is by construc- 
ting the LISP analogue of GJdel's undecidable sentence. The machinery to do 
this comes naturally, because it is none other than an updated version of the 
proof~checker discussed in Chapter Three. Representing formulas and 
deductions by s-expressions is not nearly so strange or impractical as repre- 
senting them by GUdel numbers... The second method of proving the incom- 
pleteness of arithmetic is by representing computation (as distinct from 
deduction) in the deductive system, and mapping the halting problem into first 
order arithmetic, The third method uses an "information theoretic com- 
plexity" approach due to Chaitin. The argument advanced here is that these 
incompleteness results are not irrelevant theoretical considerations, but 
rather that they illustrate the richness of arithmetic, and introduce new (meta) 
ways of reasoning. | 

This idea is followed up in Chapter Thirteen, which presents a formal 
axiomatic ''metamathematics" which can be used to reason about formal 
arithmetic, and to produce proofs of the existence of proofs which are 
generally much shorter than the original proofs. There is a hierarchy of 
metamathematical levels, in that one can prove that there is a proof that there 
is a proof of some formula. This technique also enables one to prove the 


validity of theorem schemas and derived rules of inference, 


Chapter Fourteen is about the recursion theorem, and its usefulness 
for representing partial recursive functions in first order arithmetic. This . 
chapter is useful as background for studying current research in the seman- 

_tics of programming languages. : 

Chapter Fifteen contains some concluding: veers about second order 

arithmetic and axiomatic set theory. eee 
x * * oats 

Once upon a time, it was believed that’ the problem: of getting a machine 
to behave intelligently would be solved by starting. with a.small kernel of 
intelligence capable of learning, reasoning, and organizing itself as it grew. 
There were several variants of this idea, and.some of them assigned an 
important role to.a "proof procedure" that could create GemoneteHom of 
logical propositions. 

This approach is now considered naive and ainaniate: As researchers 
have immersed themselves in the task of simulating detailed aspects of human 
speech and perception, there has been a growing appreciation of the complex- 
ity and subtlety of these acts, and the large amount: of detailed knowledge that 
seems to underlie the phenomenon of intelligence. Artificial intelligence 
research is now detailed and nitty-gritty rather than ‘vague and general. How 
do light and shadow allow us to find the edges of a block? . How. dees the pre- 
formed concept of a block allow us to infer one from!some edges? How do. 
we determine the antecedent of a personal pronoun? 

Artificial intelligence is also becoming a more structured discipline, 

-not as a universal mathematical theory, but as an epistemological and 
psychological theory. . One of the main.develapments.of the iast few years is 
the recognition of knowledge as being procedural:rather than merely factual. 
Knowledge is not a body of facts but, rather, what:one.-dees with one's facts 
and situations. Such a study cannot help but run into the problem of intention- 
ality. It is no accident that phenomenology, gestalt psychology, and the 
developmental epistemology of Piaget are now seen by many workers as 
relevant to artificial intelligence research. 

The logistic approach to artificial intelligence is severely and, in my 
Opinion, correctly criticized in Marvin Minsky's. currently unpublished — 
"Frames" paper, Almost all of the criticisms are related to. the fact that 
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logical deduction isolates the factual information or axioms from the methods 
of reasoning or rules of inference, (i) This separation forces one to repre- 
sent knowledge about the world as a large body of independent statements. 
Without a structure governing their relations, there is no way of selecting the 
relevant facts from among all the possible ones, and so attempts at deduction. 
run into a combinatory explosiveness. (ii) Many "facts" are true only when 
used in a reasonable way. Minsky uses the example of ''nearness" which is 
transitive in, the sense that if A is near B, and B is near C, then A is near C, 
This bit of reasoning works as long as it is not carried too far, In principle, 
one can always make a more precise formulation of any axiom by adding more 
parameters, But this seems to be unrealistic and, in any case, people do 
not make use of deduction beyond the point of common sense, (iii) Deduction 
is monotonic in the sense that adding new axioms allows one to make new 
inferences, but does not prevent one from making any of the old ones, Ifa 
general rule turns out to have exceptions not foreseen at the time it was 
postulated, there is little one can do except change the original rule, and 
recheck everything one has done so far for correctness. The rules of logic 
do not permit one to make restrictions concerning the inappropriateness of 
certain deductions. (iv) Consistency and completeness do not appear to be 
desirable properties of a practical system of reasoning because there is no 
way to organize a body of real knowledge that is either consistent or complete. 
‘or cxample, human reasoning appears to make use of some of the principles 
of set theory, but has no specific safeguard that prevents the paradoxes of 
naive set theory. - If someone is informed of Russell's paradox, he may either 
develop a critique of it or simply ignore it and go about his business. But in 
no case will the existence of the paradox interfere with his reasoning about 


ordinary situations. : 


I Minsky writes "I regard the recent demonstration of the consistency of 
modern set theory, thus, as indicating that sct theory is probably inadequate 
for our purposes--not as reassurance that set theory is safe to use!" 
Minsky is referring to the work of Yessenin-Volpin, who curiously enough is 
saying much the same thing. Following a famous result of Gldel, the con- 
sistency of ZF (axiomatic set theory) cannot follow from any argument that 
can be formalized within ZF itself. Since ZF is intended to incorporate all 
the set theoretic principles that mathematicians need to do their work, this 


The question, then, is why study mathematical logic at all and, in 
particular, why should there be a book organized as if the most important 
task to be done is to create an automated proof-checker capable of axiomatiz- 
ing systems of knowledge of almost any kind? (A proof-checker, as distinct 
from a proof-procedure, doesn't have the smarts to create a proof. It 
merely forces the intelligent human or other proof-generator to be completely 
precise, and perhaps it fills in the gaps in the proofs if they are not too 
difficult.) I think that the answer to this question is not that such a project 
ought to be undertaken, but that the presumption involved is contained within 
logic itself, and goes back at least as far as Descartes, if not Aristotle. 

The logistic method is an attempt to grab a hold on the world by 
reducing it to premises, inferences and conclusions. This is not always a 
healthy way of relating to the world. I think that part of Dhar Lho's error 
was in not seeing this. Formal logic is the necessary consequence of informal 
logic, and automated logic is the necessary consequence of formal logic. The 
nature of the fruit is in the seed, and the mature fruit tells us something about 
the seed, as well as vice versa, 

Formal mathematical logic can be viewed as a structure, interesting 
in itself. But there is always a motive for one's choice of structures to 
develop. In the case of first order logical theories, this motive is the notion 
that, at least in principle, entire areas of mathematics can be formalized 
axiomatically in first order logic, and their theorems proven within it. 
Carrying this one step further, there is the ambition to axiomatize "real" 
situations in the same way. 

It is for this reason that the later chapters of this book are aimed in 
the direction of a large and unsolved problem which the professional logicians 
have not been overly interested in solving. How can a deductive system 


incorporate within itself those metamathematical processes which are 


has discouraged logicians from expecting to be able to prove the consistency 
of ZF. But Yessenin-Volpin writes that ZF is "not so expressive as is 
commonly believed". His consistency proof (which is too new and unusual 
for there to be any adequate professional evaluation at this time) uses tech- 
niques that are startling to mathematicians, but possibly relevant to Minsky's 
discussion, which he calls "tactics of attention'', and which relate the deduc- 
tive process to questions of modality and intention. 


necessary to the work of a real mathematician, and do so in such a manner 
that new mathematical tools are proven to be valid before they are used? If 
mathematical logic does not investigate this problem soon, it will have failed 
to mature its most important concept, which is the applicability of the axio- 
matic method. 

In stressing this point, I am guilty of some confusions and inaccurac- 
ies which will be evident to any trained mathematical logician. Questions of | 
foundations have been obscured by using axioms and definitions that are too 
strong. The distinction between finitary and set theoretic reasoning, and the 
historic context that makes this distinction important have not been made 
clear enough. My decision to allow definitions into theories has converted 
them into temporal or developmental entities, which is not as neat as the 
standard treatment of theories, although it is more practical and realistic. 
Some of the proofs of theorems are a bit sketchy and occasionally non~existent. 
This is especially true if the theorem asserts that there is an effective pro- 
cedure that does such and such, The book is written for people with compu- 
tational experience to whom such things are self-evident. On the whole, I 
think that this book is a useful introduction to logic from one point of view. 
The student who then wishes to continue his study of mathematical logic will 
have little difficulty in making the transition to the more standard presentation. 

* Ok Ok 

In some sense, then, this book is not about what its contents appear to 
be, The reader will have to form his own opinion concerning the relevance 
of logic to artificial intelligence or any other endeavor. If he is interested, 
this book will lead him through a maze of particulars and details, and will 
Suggest Some ways in which to organize this experience, Because logic is so 
abstract, it generally turns out that anything which is a real problem in logic 
will present itself elsewhere in some other form. You will have to ask your- 
self what is the relation between quantification, and space and time, or what 
is the relation between the deduction theorem, and modalities of speech such 
as the subjunctive, or whatever else it is that you notice while studying logic. 
Good luck! 


PREREQUISITES 


It is assumed that the reader has a background and interest in 
computer programming, and that he has mathematical aptitude. The text 
assumes no specific mathematical knowledge. other than those fyndamental 
concepts basic to all of theoretical mawemece: | put 4 some. peiemeice 
sophistication is expected. 

LISP is used extensively, and it will help t to have Grogriaied in LISP. 
But this is not essential because LISP is developed in the first two chapters. 
There is some reference to common. programming ideas’ such as ALGOL, 
call by value and name, procedures, etc, 

The mathematical prerequisites can all be found in {Haimos |. They 
include: . as 

Sets, subsets, membership, union, intersection, complement, 

power set, ; : 

Function, domain, range, argument, value. 

Cardinality, finite, infinite, countable, uncountable, diagonalization. 

Equality, equivalence relation, partition, coset. : 

Mathematical induction, — 

Partial ordering, linear ordering, upper ant lower pene: greatest 
upper bound, and greatest lower bound. oe 

Some familiarity with symbolic fogtt ‘will be useful, but not essential. 
_ References to other mathematical subjects such ag analysis, topology or 
ordinal numbers are mainly used.as illustrations that may be: skipped over. 


1 When a reference is made-in square. brackets; : tae éeommpbete-citation can be 


found in the bibliography, listed a rata by Gaciuete's ‘name. 
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CHAPTER ONE 
SYMBOLIC EXPRESSIONS 


Preview of Chapters One and Two 


Chapter One introduces the basic data of LISP which are called 


s- expressions, and a set of basic functions. Qt 8;expressions from which one 


may construct. many other LISP functions, _ _ Chapter.’ wo introduces a simple 


language, recursive in nature, in which one can. des ribe precisely how to 


compute a complicated function from the basic functions. It is important to 
learn this material thoroughly before proceeding further in this book because 
LISP will be used in relation to all the subsequent topics. of discussion, and 
because, as we shall see later, LISP itself is the subject of a theory which is 
as elegant and simple in its postulates as is. _pyumber. theory, _ 

Pedagogically, it makes sense to have some practical experience with 
a subject before attempting a theory about. it. For example, numbers and 


the use of numbers are taught in elementary school, while number theory is 


typically a college level subject. Therefore, it is important to make use of | 


these two chapters and their exercises to. Agar 2 some basic skill, with 
s-expressions, 

If you are already a LISP programmer, just skim through the two 
chapters and note that some of the definitions used here differ from the pro- 
gramming system you are used to, and that many parte of the language have 
been omitted. 


$1.1 S-expressions 


The basic units from which s-expressions are built are called atoms. 
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We shall define atoms, and then show how to build larger s-expressions from 
these. Atoms are of two kinds: names and numbers. 


A name is any sequence of one or.more capital letters and digits which 
begins with a capital letter. : 


A positive number is any sequence of one or more digits that does not 
begin with 0. 


Zero (0) is also a number, 


The positive humber's together with 0 are ‘called natural’ numbers. _ 
While we could define many othér kinds of Himbera, if this book we shall _ 
always mean natural number * when we re ody nuiiber ‘ie we specify other~ | 


wise, ‘Therefore: 


» pomeer 8 positive number or zero. a 
There are many types of” ‘entities ‘whith Gah be and dre considered | 
atoms in various Lise ‘systems. “Oicd debe? ve 


n we ‘shai restrict ourselves to 
the minimal structure t required byt thie set matter ant of this ook | There- 
ee; fet a4 a 4 


fore: 
_An atom is either a name or a number, 


Examples of atoins: be 


i AQ3450057 


We now proceed to s-expressions whith aré the mbih subject of this 
chapter, An s-expression is a tree-like structure created entirely from 
atoms placed in a particular arrangement. Parentheses, dots, and the 


a 


spaces used to separate one atom from another are used to specify this 


arrangement. 


An s-expression is either an atom or else it is a structure having the 
form (a . B) where both @ and 8 are s-expressions. 


This is an example of an inductive definition. From it, we can infer 
that A is an s-expression because A is an atom. Similarly, B is an s-expres- 
sion. Therefore (A . B) is an s-expression. Applying the definition again, 


since (A . B) and C are s-expressions, ((A.. B). C) is also an s~expression. 


Examples of s-expressions: 


A XYZ 

(A. XYZ) ((A . XYZ). A) 

(A. (XYZ. A)) (A1 . (A2 , (A3.. NIL))) 
((A1 . A2). (B1. B2)) (A. A). (A. A)) 


Since we shall frequently make use of this kind of definition, it merits 
some discussion. It is a common practice among mathematicians to limit 
such a definition by adding: "...and nothing else is an s-expression"., We 
shall always assume this to be the case. 

It is possible to conclude from the definition that all s-expressions 
have the same number of left and right parentheses. This is because (a) all 
atoms have the same number of left and right parentheses, namely none, and 
(b) any other s-expression has the form (@ . 8) where @ and B are s-expres- 
sions. If this proposition is true for @ and 8, then it is certainly true for 
(a . B) which adds one more parenthesis of each type. It is also evident that 
each left parenthesis is paired with a unique right parenthesis, namely the 
first right parenthesis encountered by making a left to right scan starting at 
the given left parenthesis such that all the intervening parentheses are paired. 

Notice that both (A. (B. C)) and ((A. B). C) are s-expressions, and 
that they are considered to be different s-expressions. The mathematical 
principle which asserts that algebraically X+(Y+ Z) is the same as.(X+ Y)+Z 


is called associativity. The composition of s-expressions is not associative. 
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One more comment, this time on the use of Greek letters. A Greek 
letter is never part of any s- expression, or for.{ that, matter. any. other type of 
entity constructed anywhere in this book. It is purely an explanatory device, 
as in the previous definition where we say,"let @.and § be any. s-expressions". 


Problem Set i 
1. -Which of the following are s-.expreesiqns? 


a. ABC b. 35A 
ce. (A.B) "a. (A. B)) 
e. (A. B. €) f, ((A. B). C) 


2. How many different s-expressions. are there that use the atom "A" 
exactly n times and contain no other atoms? (Call: this function mn). Don't 
try to find an algebraic formuld for #(n) which may not ‘exist, but learn how 
to compute #(n) when you know the values of sh ah all ures less aid n, ) 


The examples of s- expressions which have just been given are. all . 
written in what we call dot notation. There is another "shorthand" ‘notation 
for writing s-expressions called list notation, tt is more ‘convenient and is 


ree Baths 


more generally used, Howevef, we are not introducing any new 8-expres- 
sions, Every s-expression can be written using only dot. ‘notation, but many 

s-expressions are much easier to write in n list notation. ‘Some s~ expressions 
cannot be written in list notation. - . . 

Although list notation ‘is most commonly used, dot notation is 
considered more basic. Theoretical properties of s~expressions, are 
resolved by referring to dot notation. mee Geen as 

In the list notation, a special status is given the atom NIL as the . 
terminator of lists. A list is an expression having the form. (oe 1% . a 
where each @. is an s- expression, In other words, a list is just several 

gcexpressione enclosed between a ‘set of parentheses, with spaces between 
them. This list is the same s- ‘expression as (a, . (a (a, 7 NIL) 


ese )). 7 
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Some examples of lists (left column) and the equivalent in dot notation 
(right column): 


() NIL 

(A) . (A . NIL) 

(A BC) (A. (B. (C. NIL))) 

((A)) a (A. NIE). NIL) 

((A B) (XYZ) (U V)) (A. ¢B. NIL)). (XYZ. NIL) 

. ((U. (V.. NIL)) . NIL))) 

((A) ((A))) ((A . NIL). (A. NIL). NIL) 

. NIL)) 


Some s-expressions cannot be represented without dots, for example 
(A.B). Mixed notation may also be encountered such as ((A. B)(C. D)). 
In this case, there is a list at the top level, and dots at a lower level. This 
is the same s-~expression as ((A. B). ((C. D). NIL)).. In general, we 
avoid creating s-expressions that require dots, but it is well to keep in mind 
that the dot notation is the simplest way of explaining the underlying theory of 
s-expressions. 0 


Problem Set 2 


1. Write each of these s-expressions using only dot notation. 


a, A b. (A B) 
c. (1 (2) ((3))) d. () 
e. (A (B ((C)))) f, (({A) 2) - 


2. Write each of these s-expressions without dots if possible. 


‘a. (A. NIL). ((B. NIL). NIL)) 

b. (A. NIL). (B.NIL)) 

c. (A. (B. (C. NIL))) 
d. (NIL. NIL) | 

e. (APPLE . (PIE. NIL)). ((CHEESE . NIL) . NIL)) 
f. ((X. NIL). (NIL. Y). NIL)) 
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$1.2 Basic Functions of S-expressions 

We are now going to consider a small number of very basic operations 
that one can perform on s-expressions. These operations are the foundation: 
of all subsequent processing of s-expressions in much the same way that 
counting up and down is the foundation for all of arithmetic. As you probably 
know, counting is even more basic than adding and multiplying when we 

analyse operations from the mechanical viewpoint. 

Because we are using a mathematical approach, we describe these 
operations as being functions. The first funetion to:be discussed is called 
cons. 

The function cons is used to constract bigger s-expressions out of 
smaller ones, It takes two s-expressions and puts a left parenthesis before | 
the first one, a LISP dot between them, and @ right parenthesis after the — 
second one. For example, cons of Aand B is (A’.:B): Aliso, cons of 
(A. B) and(X. Y) is ((A. B). (X. Y)). 

We need a reasonable way of writing these assertions other than in 
English. So we use a notation that looks like this: 


cons[A, B] = (A . B)- 
consf((A.. B),(X. Y)) = (A. B)(X. y)) 


We have said that cons is a function, ‘In the first line above, A and B 
are arguments of the function cons, and (A . B) is the’ value of cons associated 
with these two arguments, It is a common mathematical and scientific nota- 

_ tion to write a function followed by a list of its argamente. enclosed within 
parentheses. The arguments, if there are more than one, ‘are separated 
from each other by commas. _ This is exactly what we have done here except 
that we use square brackets instead of parentheses. The reason for this is 
that when the arguments are s- expressions, this could get confusing since 
parentheses occur as parts of s~expressions. 

Getting back to cons for the moment. Since every s-expression is 
built from atoms, every s-expression can be put together from atoms using 
cons, Consider the case of (A. (B.C)). We have cons[B, C]=(B. C), and 
cons[A,(B. C)jJ=(A.(B. C)). Putting these together, we have cons[A, 
cons[B, C]]}=(A..(B.C)). This is an extension of our notation, and is. 


oe 


called composition. 

Let us look at some examples of cons: 
1, cons[BILL, JOE] = (BILL . JOE) 
2. cons[A,(B. C)] = (A. (B. C)) 
3. cons[A, cons[B, C]] = (A. (B. C)) 
4, cons[A, NIL] = (A) | 
5. cons(A, (B C)] = (A B C) 
6. cons[A, cons[B, (C)]] = (A. (B.(C. NIL))) = (A BC) 
7. cons[A, cons[B, cons[C, ()}]}}5(A B C) 
8. cons[(A), (A)]=((A) A) 


Problem Set 3 
1. What is the value of each of the following? |. 
a. cons[B, B] b. consf(A . B),(A. C)] 


c. cons[((A B),(AC)}] = di. cons {Q, (R S)] 
e. cons[(A B C),(D E F)] f. cons{cons[cons[A, NIL], 
' NIL) NIL] 


2. What is a commutative operator? Is addition of numbers commuta- 
tive? Is cons commutative? sa - 

3. Describe a necessary and sufficient condition for the value of cons 
to be expressible without dots. 


Next, we consider the pair of functions car and cdr which are used to 
take apart s-expressions. Car and cdr are unary funttions; ‘unlike cons — 
which is a binary function, each takes only a single’argument. 


car[(A . B)] z A 
cdr{(A , B)}]=B 


Car and cdr are not defined as having values when their arguments are 
atomic. For example, car[A] has no meaning. Any s-expression which is 
not an atom we call a composite s-expresaion. If a composite s-expression 
is written in dot notation, there is always one main dot. . This is the dot 
which is contained only within the outermost set of parentheses. Then car of 
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the s-expression is the expression between this dot and.the leftmost paren- 
thesis of the whole s-expression, and cdr is the expression between this dot 
and the rightmost parenthesis. 


((A. (B.C). (D. BY) 
car “car 


Examples: 


ear[(A B)]=A 

cdr{(A B)] = (B) 

cdr [(B)] = () 

cdr[(()} is undefined 

car{(((A)) (B))] = ((A)) 

car[edr[(A B)]] = B 

cdrf{cdr[(A B)]] = () = NIL 

car[({A))} = (A) 

carfear[((A))]]} = A 

car[cons[A, B)) = ; 
_cons{car{(A)], cer C D)J}=(AC D) 


Many people have objected to the names car and cdr, proposing some 
alternative such as "first" and "rest" which describe the effect of car and cdr 
on lists, Yet these names have remained around because. they compose into 
sequences of cars and cdrs and remain at.least slightly pronounceable. For 
example, caddr (pronounced CAH-duh-der) means "car of cdr of cdr'', So 
caddr({(A B C)] is the same as car(cdr{cdr{(A B C)]}]}] which is C. Notice that 
it is the rightmost a or d in the word which gets performed first, just as it is 
the rightmost function when we write out the longer form. 


Examples: 


 carf(A B C)] =A cadr[(A B c)] = 
caddr[(A B C)] = C cdddr[(A B C)] = 0 | 
cdar[(A B C)] is undefined cadadr{((A B) (C D) (E F))] = 
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Problem Set 4 


What is the value of each of the following? 


1. car{(A . B)] 2. edr f(A. B)) 
3. car[(A B)] ag, edr{(A B)} 

5. carfedr[(A B)}) _ 6. cadr[(A B)P 

7. cdar[(A B)) 8. cdar{((A°B)] 

9. cdarf((A)B)} © = 10, caaarft(tlAy)T 
11. cons fear[((A)), Poe Se aS ip ey 


eadr[(A (((B) (C))))]] 


Mixed Iexpressions 

We have been discussing LISP expressions such as "consfx, y]".. 
Arithmetic expressions such ait Sat y 2 are‘familiar td you'and need no — 
special explanation. Since numbers are considered atoms and ciin appear 
within s-expressions, it is perfectly meaningful to mix LISP and arithmetic. 


_ Example: 


 car((2 3 -4)}p+-cadr((5 7 9)}=2+749).5 


Not all such expressions will be meaningful. 3+car[(4 A 10)] = 7, but 
3+cadr[(4 A 10)}%e@ undefined.  ("A"'-is a name,’ and addition is not: defined on 
names, Certainly we-would not want:to day tateporid¢alty that: 3+ Ais mean> 
ingless. The question of whether A car be‘eensidered t be a variable or 
_whether it means’only itself is one of-interpretation: |The question can only _ 
be considered in context, and we carinot discuss it edequately here. ) 

Within LISP, the notions ‘of ‘truth and feiatty'can be represented by the 
atoms T and F respectively. A-funetion whdee vatue is atways T or F is 
called a prédivate. There is a basic predicate calléd‘atom which tells us 
whether its argument is an atom, that is, it has the valiie-‘T ifs argument is 
an atom, and F if its argument is’ a composfte s* éépression. ~~ 
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Examples: 


atom([A]=T  atom[1974) = T 
atom{()} = T atom[ABC] = T. 
atom[(A B C)] = F '  . * atom[ear[(A.B C)]) = T 


atom(cdr{(A B C)]] = F atom{eons(A, B]} = F 


Equality itself is considered to be a basic predicate of s-expressions. 
Suppose we. give the notion of equality the name equal. Equal is defined as a 
binary predicate which has the value T if both ite argumenjs are the same, 
but has the valve F if its arguments are different, s-expressions. 


Examples: 


equal[{A, A] = T equal[((A B C),(A B C)] = T 
equal[NIL, ()] = T ' equal((A B),(A.. (B. NIL))] = T 
equal{A, (A)] = F (A..-<B. C)), 
equal{car{(2 3 4)]+2, 4] = T (A. B). C)) =F 
In practice, we shall seldom use the function name equal, but instead 
use the equal sign te mean the same thing. . Instead of writing equal{A, A], 
we shall write A=A, or when necessary [A= A}, . When.a function, symbol 
(usually a special. symbol rather than a name epelled: with letters) is used 
between two arguments rather than preceding beth of them, this is called 
infix notation. We use it frequently and in fairly.gbvioug ways, but since 
problems of syntax are not an important partiof this hook, there will be no 
formal theory about parsing such grammars. [n.conclusion, the preceding 
examples will normally appear as [A=A]J=T, [A=(A)]=F,.. etc... 7 
. Cons, car, cdr, atom and equal are the five basic functions for the 
manipulation of s-expressions. | 
Suppose we wish to form a list from three constituents. We can des- 
cribe this construction by writing cons[a@, cons{f, cons[y, NIL]]] where a, 8, 
andty are the three s-expressions to be listed. This is too long to write, so 
we introduce the shorter notation using the function list which can have any 
number of arguments including none. The preceding example can be replaced 
by list[a, 8, 7}. 
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Examples: 


list{[A, B, C] = (A B C) list{] = NIL = () 
list[(A B), (C D)}:=¢{A B) (C D)) list [1#stfA]}]' = €(A)) 
cons[A, list[B, C,.D}} =¢A BC D) PG Ea et: 


_ Another convenienee is the predicate-null which has a-single argument 
and is true only if that argument is NIL. 


Examples: 


null[()] = T null{A] = F 
null[{edr[{(A)]] = T null{(NIL)] = F 


Atoms can be sorted out into two types, names and numbers, and to 
do this we introduce two predicates, name and num. 


Examples: 
name[ABC] = T name[(A)] = F 
name[5] = F num{5] = T 
num [cadr{(A 2 (5))] = T num/[(3)] = F 


num[A] = F num[3+ car[(5)]] = T 


There is another function which we shall consider to be basic without 
any justification at present. Consider the set of all names (not numbers). 
There are infinitely many of them, but they can be placed in a definite order 
in an infinite list, that is, they can be enumerated. We list shorter names 
before longer ones, arranging the finitely many names of any particular 
length in alphabetical order, putting 0 thru 9 at the end of the alphabet. 

The function enum is only defined when its argument is a number. 
The value is always a name, and if we form the list enum[0], enum[1], 
enum(2]... we get exactly the enumeration discussed above. 


Problem Set 5 


1. list{A,2+car{(3 4)], B] 2. list(2+2,2+2=4,2+2=5) 


pa) 


onto 


. atomflist{A, A = B}] 

. name[enum[2 + 2]] 

. cons{[name[A], num[A]] 

. list[(A B), list[(C D),(E F)]] 
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- enum({2+2] 

. enumf[A] 

. (A. B)=(B. A) 
10, 


cadadr[((A B) ((C D) (E)))]} 


CHAPTER. T,Wo: - 
RECURSIVE DEFINITIONS = 


Preview of Chapter Two 

The chapter begins with some comments on functions, and the termi- 
nology concerning them, from: the viewpofit of naive ‘get theory. After this, 
avery simple language is: defined whicty, tegetier iW the’ basic functions | j 
discussed in Chapter: One, wilb-ailew us-to dettnd' every function’ of 5- epee: 
sions that is in any reasonable sense calculable. _ 

Having now completed’ Chaptdér One,* it48-ae 4? you had learned arith- 
metic but net algebra, We can: haniiie ‘O49 24> bit Net x4 y+z. What we 
need among other things ane variablex, ‘ahd: piiviaa Mii ‘ate thier: BO that” we can 
describe general instead a a ica ormip pee Bees 


§2.1 Functions 


The concept of a "function" in set theory is synonymous with "mapping" 
of "correspondence". Suppose we have two sets . “A ‘and 1 B, and for every. 
object in A, there is an object (or element) of B ‘associated. with | it. Then. 
this correspondence is called a function, and A A is 1 the | omain of the function, 
and'B is the rarige of the function. © ‘Altho igh every ee ment of A has a 

- corresponding é€lement in B, it is not the’ case that every, element in B must 


correspond | to ah elément in A. A given ‘element of of B may, correspond to, 
‘more than’one element of A, or to none at all. is 
From the point of view of set ‘theory, the function itself is viewed asa 
set. If f is a function from A to B (we write this as LA B) then f itself is a 
set of ordered d.peire fa, b) such that a€A i isa member of ray and b € B, and 
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such that for every a € A there is exactly one such ordered pair which is a 
member of f. 

Some furetiens have more than OMe argument. if fis a function of n 
arguments, then Tf has n ‘domains, Ay ‘?*hra a, and one range, B, and we may 
specify this information by writing A,-*... xA,*B. The function f is then 
a set of n+ 1-tupkes (a) eka ad) Where tath a, € Ay, and b € B, and such that 
for every combination of ‘one a, from eath A, there is exactly one such 
n+i1-tuple inf. For ceeunie cons:S x5 s is the infinite set of triples 
{4A,A,(A. A))...] cofitaihing every possible pair Gf ‘6~expressions together 
with their cons. 

As was mentioned in Onepter Sea anembets of the domain(s) of a 
function are calied ® Boguments, and members of the raqge are called values. 

The set (7, F} is called#, A Panetion wrose ranye ia ib called a 
predicate. ee 
Any subset of a function te cated a4 tel deaction, That is, a partial 
function is a hivetion that may swt seve. vetone tor-eTi its arguments. Sorre- 
times we are a bit -sleppy end-use the werd “function” when we mean "partial 
function". Then, When we wart $0 empiapige tee completeness of 2 function, 
we are led to use Gre term total Sanction. We ate speek of pars! ‘end 


Ail ‘of this may seem vuxttemely obvious, Dut it is important: te stress 
that when we talk of a tanction we ‘ere not referring to a procedure of a sub- 
routine. The distinction is important, and ia roughly analogous to the differ - 
ence between a loaf of bread and a recipe for baking @ ipar ot bread. Recipes, 
like procedures, tan we published i sovks ana journals. No one has ever 
published a loaf of bread, Similarty, the function sohs Can be discussed, and 
subroutines written to compute it, bat the function iteelf is an infinite set and 
is therefore a Soncepteal objedt waly, wevet a printed : ‘e@byect. _ It is aleo impor- 
tart not to confuse the wame of @ function with the function itself. 


$2.2 Recursive Definition 


. Recursive Definition: A definition of a function 
permitting values of the fenction to be computed 
systematically in a finite namber ef steps; esp: 
a mathematical definition in which the first case 


«pe ; 


is given and the nth case is defined in terms of 
one or more previous cases and esp. the 
immediately preceding one, 


Webster's Third New 
International Dictionary 


It would be hard to improve on this definition. We shall start this 
discussion by illustrating that many ordinary functions of arithmetic may be 
defined recursively starting only with the functions successor and predecessor 
as given. The meaning of the notation being used will be explained in English. 
After this, we shall define more formally the language we have been using. 

The successor of a number is one more than that number. For 
example, the successor of 5 is 6, Our notation for the successor of nis n 
So 5°= 6, and 5“ = 7, 

The predecessor of a number is the next smallest number. ‘The pred- 
ecessor of zero is not defined. Our notation for the predecessor of nisin. 
So 77 =6, and 7" =5, and 17” is undefined, | 

Starting with only these two functions, and equality, we proceed to 


define addition and multiplication: 


(1)mt+tne [n=0%%,T +m‘tn ] 


(2)m xn [n=070,T*m+mxn ] 


Translated into English, the first definition reads: ''The sum of m and 
nis mif nis 0; otherwise it is the same as the sum of the successor of m 
and the predecessor of n.'' This fits the dictionary definition perfectly. We 
say that we are recursing downward on n. When we count n down to 0, then 
the process is over and we have an answer. For example, 5+ 3= 5 +37 = 
6+2=642  =74+1=7+1 =8+0=8. The recursive definition is applied over 
and over again until the second argument (called n in this definition) is 0. As 
long as nis greater than 0, the second part of the definition applies and the 
computation proceeds, Whenn = 0, then the first part of the definition applies 
and the computation is over. It never becomes necessary to fake the pred- 
ecessor of 0, and therefore an undefined condition will never arise. 

We call line (1) a recursive definition. It provides an explicit method 


of computing the function "+" given the successor and predecessor functions. 


This particular recursive definition gives a value which is a number every 
time it is applied to a pair of arguments which are numbers. But not all 
recursive definitions are this way, A recursive definition may not compute 
a value for a variety of reasons, The fact that (a) this particular recursive 
definition computes a total function, and (b) this total function is the familiar 
function "+" are particulars which are obvious in this case, but in general 
the correspondence between the function computed bya. recursive definition 
and a function understood or specified in some other way must not be 
assumed without good and sufficient reagon. 

Line (2) is a recursive definition for sidhdiitestiea, * It can be trans- 
lated into English as "The product of m and n is 9 ifnis 0; otherwise it is 
the sum of m and the product of m and the predecessor of nn.” This definition 
invokes the previous definition of. addition, So. the recursive definition of 
multiplication is really both lines, | 

It will be our general habit when making recursive definitions to build 
up more complicated functions from simpler ones. From the definition of 
multiplication we see that 5 x325+5 *2 serene gece “5+ 54545 x0=5+5+ 
5+0=15, 

Recursive definition is also used.to, specify, the computation of predi-. 
cates. The numerical relation “ia ictal than"! a, asinine of such; It 
can be defined by: = 


aA m>ne fm = 20982067, T+ mm an} 
which expresses the English definition: “itr m is zero, ‘then m is not greater 


than n; if m is not zero and n is zero then m is greater, then n; and if neither 
is zero then m being greater than n depends on mn being, greater thann”. ; 


erry 


The predicate ">" can now be used to ‘define the function maxim, n} nebdea 
value is the larger of its two arguments, aes 
/max{m, n]¢ ba > aft mT ~*n) 


Recursive definition is used to-define:Ridctions ét S-expressions other 
than numbers in a similar way. An important LISP function is subst[x, y, z], 
whose value is the s-expression resulting from substituting the s- expression 
x for all occurrences of the atom y in the s-expression z. For example, the 
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_ puting subst of carfz]’and cdr[z}, which may ‘in turn: 


result of substituting (R S) for all occurrences of B in (A B(C B)) is 
(A (RS) (C (R S))), i.e., subst[(R S),B, (A B (C B))] = (A(R S) (C (R S))). 
Subst is defined necureively by: 


car[z]], subst y edr(zJ}}] 


which translates: "re 2 is anatom, then, if ¥ a , the game as z-the value is x,. 
otherwise the value is z; but if z is not an atom then the value is obtained by: 
first computing subst of x and y and car of z, and subst of x and y and cdr of 
z, and then taking the cons of these. two: 8-expressions,"' 

This example is more complex than the preceding | ones in two ways. 
It contains a choice nested within a choice in ‘that if zis: an atom, then there 
is still another decision to be made. | ‘Aldo, ‘the recursion generates a tree- 


subst[x, y, 21+ (atte 1 3 44,7 4; a). + covdaabstix, ys. 


structure of subproblems rather than a linear sequence as in the preceding | 
numei ical examples, The recurgion | on the argumen it z may require com- 


sire computing subst 
with the third argument being car[car[z]], ‘edtfear [aL earfedr{z)), and 


edr[cdr[z]]. The larger the | 8- ~expression z ‘the larger ‘this 8 ‘tree of sub- 
problems will grow. es 
subst ((R S) 7B, (A B (C B))}9A @ 8) (.4n.9))) 
en eh nn ce rey) 
subst[ R 8),B,B]=(R s) ee e subst 48 87,8; ((C B))) 
tl (8) B, (c 1 be aubeelia aaa “NIL 
subst[(R 5),B,C}=C | - teeny | 
subst[(R S),B,B]=(R S) tata $),B sat 


cons[A,cons[(R s), ‘cons [cons[C,cona[ (R. 5) 4 Lo @ 8) ro (R 8))) 
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We have been making use of the I anguage of recursive definitions in an 
informal way; we now proceed ‘to! define thee mmgisetge more formally. First — 


we give a concise grammar, and then define the semantics of the language as 
a set of instructions for computing — functions from Raha basic 
functions. 


1. An identifier is a sequence of one or more Jower case letters 
aertmetmpernyoomaeianaimens ay? ; pl ae Be > wt i x * 
and digits. It must begin with a letter, (This is the same 
as the definition of a name except that names have upper 
case letters, Identifiers and names are.in one-to-one 


correspondence by merely anging the case of the.letters. ) 
2. A variable is an identifier. to Sata orciae 
3. An object § is an s-expression. a tat 


4. A function name is an identifier. (See exception below. ) 
5. A form can be any of the following: 
a. a variable 
b. an object 
c. Of€ pore | nl where @ is a funetion name, aaa each 
. €é isa fete. (See exception below.) 
d. a conditional form (see 7)" tes . 
6. OA pro positional’ form is a form. | (The. distingtion is semantic 
and will be. made.in. the following discussion. ) 
7. A conditions} form is i, +¢ ooo , Qhmere n2i1, and 
each of thie m, is a propositional form, anid each ofthe ¢. is 
a form. 
8. A recursive definition is oft, aj .g my €, Wires is a 
function name, each of the c is a-variable, and ¢€is a form 
containing no variables Other than the §,. 


Exception: Rules 4 and § above permit forms such as ‘cons [car [x], 
cdr[y]]} but not forms such as 3% m+n. It is convéntent to have 
functions specified by conventional symbols such as "+", "x" and "+" 
as well as by identifiers, and it is also convenient and conventional 
to use certain of these symbols as infixes (m+n), prefixes (-m) 

' 
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and suffixes (m’), Because we are not concerned with writing 
compilers we shall gloss over the syntactic problems of such 
notation in the following way: every function and predicate 
which is specified by a conventional. symbol has:an identifier 
type name also. As long as the parsing. of. any form that we 
write is clear to the reader, we can pretend in.certain theoret- 
ical situations that the only official notation is. that. of identifier 
names followed by arguments in brackets, i.e, Of... ]. For 
example, "3 xXx-y>z" is simply a convenient. notation go. that 
we do not have to write out "greater [difference[times[3,.x], y],z]''. 


Semantics: 


1. .A recursive definition has meaning because it is an explicit 
algorithm for computing a partial recursive function: To 
the left of the left arrow in the recursive definition is: the 
name given to the partial function being defined, and a list 
of variables. The list of variables.apectfies the:number 
of arguments the function has,: and assigns these variables 
as the temporary. names cf.the arguments while: the :compu- 
tation is in pragreas.. This temporary:identification of 
arguments. with variables is caHed.a binding ‘of the ‘vari - 
ables, The. value of the function is. obtained by evaluating 
the form to the right of the: left arrow, : using the rules 
given below, with this binding of the  aaeeiae, in effect. 

2. The value of an object is. itself. - 

3. The value of a variable is obtained frons the seeing as 
specified in rule 1. 

4, The value of a form of the type el¢, ware et is. computed by 
first evaluating each of the forms & using these rules, and 
using the resulting sequence of values as ‘arguments-for the 
function ¢. If@ is one of the basic functions or predicates, © 
its value is obtained immediately. However, ify is itself 
specified by a recursive definition, then the current com- 
putation must be set aside, and the compatation to obtain 
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the value of @ for these arguments must be performed. 
When this is completed, the current computation is then 
resumed, and neither the bindings or the variables, nor 
any other partial results in process: will ‘have been changed 
from what they were before invoking the definition of ¢. 
This process can ocetir nested to a considerable depth, 
with many levets of computatton interrupted and incom- 
plete. When the definition of g is invoked from within the 
definition of g, this process is called recursion. The 
example of subst is a good ca#e to study. 

5. A propositional form is a form whose expected value is T 
or F, Typically, it is either one of the objects T or F, or 
it is a form vfe,. cous ¢) where ¢ is 4. a It may 
also be a conditional form. 

6. The.value of a conditional form i, 7e, 00H 4 J is 
obtained by evaluating the propositional forms , from left 
to right until one.is found whose. vaiue ie T. Then, no 
more *, are evaluated, but the corresponding ¢ is evalu- 
ated, and ite velue is the value.of the conditional form. 
An important property of a conditional form is that nothing 
gets evaluated beyond what is necessary té sélect and eval- 
uate the proper ¢. For example, if #, évatuates to F, then 
¢, is not evaluated but passed over, and ©, gets evaluated. 
If the value of my is T, then % is evaluated to provide the 
value of the conditional form, and overyantng | to the right 
of. G is ignored, 


There are a variety of reasons why the (pees of coi: a recur- 
sive function may not produce & value: 
. A variable on the right side of a definition does not-occur on the left 
side, 
2. A function referred: to in the definition has not been defined. 
3. A function is given an incorrect number of arguments. 
4. In the process of evaluating a conditional form, one of the 7, 


evaluates to something that is neither T nor F. 

5. In the process of. evaluating a conditional form, all the 1. evaluate 
to F and the end of the form is reached. a8 

6. A function called in the computation is: given an argument for — 
which no value is defined, such as car applied to an atom, or addition applied 
to non-numbers. ; 

7. The computation continues tabever without wacuuntariag any of the 
errors mentioned above, but without ever terminating. 

Reasons 1 thru 6 above are simply programming errors that can be 
avoided by correct procedure, Reason 7 is a fundamental.property of com-. 
putation having important logical consequences, There is no possibility of 
eliminating it from any programming language powerful enough to do general 
purpose computation. | 


-Problem Set 6 


| In each of these problems you may assume any of the definitions made 
thus far, including all the problems preceding the one you are working on, 
Sometimes it is necessary to define a helping function first before defining 
the function you want. 7 
1. Are the functions "-" and "+" defined here total < or r partial? 


m-ne [n= 0+m,T 4m -n7] 
mine [n>m 790; T+1+[m- n}] +n} 


2. Define expt[m, n] or m”™. (Let expt[0,0] = 1.) 

3. Define remainder{m, n]. 

4, Define m In, which means m goes into n an integer number of times. 
(It is a predicate, ) 

5. Define prime[n], a predicate which is true if n is a prime number. 
(The first prime number is 2.) 

6, Define gcd[{m, n] (greatest common divisor),. and lcm{(m, n] (least 
common multiple). ee 

7. Define nthprime(m], which gives the nth prime. Use the conven-~ — 
tion that nthprime[0] = 1 and nthprime[1] = 2. 

8. Define the predecessor function using only successor and equality, 
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thereby demonstrating that all the functions in this problem set require only 
successor and equality as their basis, 


Let us adopt the coding convention that a finite set of s-expressions 
will be represented in LISP by a Het of these s-expressions. For instance, 
the set {A B C} can be represented by the list (A B C) or by the list (B C A) 
or by any other permutation of the members; The list must have no repeti- 
tions. We can then define LISP functions that perform basic set-theoretic 
operations. For example, the relation of membership is represented by the 
LISP predicate member, defined by 


member [x, y} fsulify) + F, x= carly} * T, T * member{[x, edrfy})] 
The operation of taking the unicn of two sets is represented by the 
function union: . 


union |x, Pts + conelcar * adi alee + wmion{edr{x], 


Problem Set 7 


1. Define the fanction intergection{x, y}. 
2. Define the predicate segutv(x, y] which means "equivalent" in the 


sense of representing the same set. Two lists representing sets are sequiv 
if they only in the order of their Clements, é, é. rs sequivi[A BC), 
(A C B)]} = 

3. Define the function reverse, whose value is the same list as its 
argument, but in réverse order, ¢. g., reverse[((A B) (Cc Dy} # «(C D) (A B)}. 

4, Define the function length, which sce the length of the list x. 
length[NIL] = 

5. see the Schatten size, where size(x)} ie the number of atoms 
occurring in x, counting each stom ag many times as it oceura, e.g. 
size{(A (A))] = 4 

6. Define the function vocab, where vocab[x] is the set of atoms 
occurring in the s~expression x. ve Vouabtth (8 C) C}} = (A B C NIL), or any 
list which is sequiv to this. 
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§2.3 Partial Recursive Functions 


The basic functions for computing with s-expressions (including num- 
bers) are: car, cdr, cons, equal, atom, num, name, enum and successor. 

We have seen that predecessor can be defined from successor. Name 
can also be defined from atom and num if we are sure that there will never be 
any other type of atom. We prefer to leave this unspecified. 

The function enum is peculiar, ' Without enum, we would not be able 
to define those functions which depend on the spelling of names, but would be 
limited to functions that only take note of two names as being the same or 
different. But using enum, we can define concat, which concatenates two 
atoms (e.g., concat[A, X3] = AX3), and explode, which lists the letters and 
digits ina name, e.g., explode[AX3] = (A X 3), These two functions, in 
turn, form the basis for any other manipulation of the characters that make 
up names, 

The basic functions of s-expressions together with the language of 
recursive definition lead to the concept of a partial recursive function. 


Lemma 2,1 
Consider a finite sequence of recursive definitions: 
P,[S,s-0-. ®m,!° € 
?,,[8)> ooes ae }¢ e 
n 
where each ¢; is a distinct function name, and each é contains only the 
names of basic functions and names from the sequence Pyeeee si then 
associated with each ?; there is a procedure for computing a function of m, 
arguments. This procedure, when performed with any given sequence of 
m., s-expressions as arguments, either produces a value, encounters an 
undefined situation, or fails to terminate. Thus, each function-name ; is 
associated with an m,-ary (partial) function, namely that function defined for 
exactly those arguments for which the computation terminates with a value 
(the value of the function). 


The entire preceding section is sufficient proof that such a well-defined 
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computational procedure exists. 


Definition 2,2 


A partial recursive function (of 8-expressions) is any function for 
which at least one computational procedure as ‘defined above exists. 


It is well to keep in mind the distinction between a function, a 
function-name, anda procedure, #H is the process, of writing down recursive 
definitions that associates names and procedures with functions. A function 
is independent of any procedure used to specify it. However, the concept of 
recursiveness i# absolute; a fonction is either recursive or it is not recur- 
sive, It is recursive if there is at least one way to compute it (and it is 
easy to see that there are then many ways to compute it), and it is not 
recursive if there is no way to compate it, Whea a function is specified in 
some way that does not imply & computational procedure, this does not tell 
us whether or not itis recursive, — 


$2.4 A Universal LISP Function 

It is natural to want a theory of recursive functions, We may ask 
questions such ag: How large is the class of recursive functions? Are 
there functions that are well defined but not recursive? if we add new com-~ 
putational techniques or more basic functions, are we able be) compute more 
functions? The idea of an interpreter or univeres) function ig central to 
such a theory. 

The importance of lemma 2.1 is that the procedure for computing 
partial functions is effective. This means that we can program a general 
purpose computer 8o that when we give it a sequence of recursive, definitions, 
and a set of arguments for one of the fuactione, the computer then computes 
the yalue of the function applied to these arguments if the value exists, and if 
the computer has enough storage and time, Such a program is called a 
LISP interpreter, and has been written for many computers, What is of 
great significance for the theory of recursive functions, is that such an 
interpreter can be written in LISP itself. 

We define a universal LISP function called apply. Apply[fa, args] has 
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two arguments. The first argument is a sequence of recursive definitions 
as in the statement of lemma 2.1. Since an argument for apply must be an 
s-expression, we must code such a sequence of recursive definitions into a 
single s-expression, The first function defined in the sequence will be,the 
one we wish to compute, and the other definitions necessary to it may follow 
in any order. The second argument for apply is a list of the arguments for 
this function, 7 pate nesciads tia oe eae 

We first define a translation whereby a sequence of recursive 
definitions, as in the schema of Lemma 2.1, becomes a single s-expression, 
the argument fa of apply. We shall call this translation process '*", so 
that, for example, if €is a form in the language of recursive functions, then 


e* is its translation into an s-expression. 


Rules for translating recursive definitions into s-expressions: 


1. If €is a variable, then €* is the atom obtained by making alt 

of its letters upper case. 
2. If €is a number, then e* is just ¢. 

3. Ifeis T, F, or NIL, then €* is just €. 

4. If €is any other object (s-expression), then ¢* is (QUOTE €). 

5. Ifgisa function-name, ‘then g* is the stony obtatnea by 
making all its letters upper case, 

6. If eis a form of the type ofe,, »eee,y@], then e* is ‘@ e* 40. €,*). 

(Forms using: infix, prefix, or suffix operators. are isGnalated 
as if they were in standard form. There are names for each 
such operator. Also, some functions have an indefinite 
_ number of arguments. They are LIST, PLUS, and TIMES. ) 

7. Ifeisa conditional form (7, ad = eee, ad & then €* is 
(COND (9, * €*)... (™* © ‘). : eae 

8. A recursive Aatiaidon ott. agree le + ¢is translated as 
(pe (8%... 5 *) €*). de 

9. The argument fa" of apply isa list of translated recursive 
definitions as described:in step:8,; with the function to be 
applied coming first on the list, and all functions ‘that it 
uses, except for basic functions, appearing in any order 
on the list. 
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The translation process "*" te the LISP equivalent of a technique 
known to logicians as "Gidel numbering" ‘which we shall discuss later. 
However, Gldel numbering is « treerettcal concept which is impossible to 
use in any practical senee, whereas the use of s-expressions to define 
recursive functions is standard practice for LISP programmers. 


Exampies of traneletion 
Rule ¢ ) & 
ie x x 
as A3 
2, 25 25 
3. F : & votre la 
A | 7 {QUOTE A) _. 
(A B) {QUOTE (A.2). 
(3) . ro | pulpal 
5. car 
6. car{x] . eau 
| consfu, cér{A ]j (CONS 17 CDR xquoTE ay) 
6a m+n XXp+q {PLUS MCRES N blading 
= “941i, x«171,T° D (ROUAL..X 0). 1}. LAT. 3 
STEELE CPR ALE a Manca £1) 


(etn MEF PRRENCE K5)))) 


8. —s- fibb[x]* [x <0 44,261 42, _ terme 10 come eEREAL X89) 1) 
i a a 1) + Mobix - 27 . MEQUAL X : : 


9, wate e pe gu u 


chix] + 1 
a gee tA 
FOO ix) GUasT xX (GLITOH mp iguron 
1AST XCGUOTE CIA BS = (ABC) | 
_ The pertial recursive Junction i tadaliuapecats ‘via a number of 
auxiliary functions. 


/ 
Definition of apply: 


apply[fa, args] app[caar(fa], args, fa] 


app[in, args, fa] © [ 
fn = CAR ~ caar[args], 
fn = CDR ~ cdar[args], 
fn = CONS ~* cons[car[args ], cadr[args]], 
fn = LIST + args, 
fn=ATOM ~* atom[car[args]], 
fn = NUM ~*num{jcar(args]], 
fn= NAME ~* name[car[args]], 
fn = NULL * null(car[args ]], 
fn= ENUM * enum[car[args]], 
fn = SUCCESSOR * car[args}, 
fn= PLUS ~* applus[args], 
fn= TIMES * aptimes[args], 
fn= NOT * [car[args] = T * F, car[args]= F * T], 
T * apd[assoc[fn, fa],args,fa]  ] 


eval[e, a, fa] [ 
num[e] * e, 


e=-T *e, 
e=-F 7e, 
e=NIL *e, 


namef[e] * cadr[assoc[e, a]], 
car[e]=QUOTE ~*~ cadrfe], . 

car[e]= COND ~* evcon{cdr[e], a, fa], 
car[e]=AND * evand{cdrf{e], a, fa], 
carfe]=OR ~* evor[cdr[< ], a, fa], 

T + app[car[e], evlis[cdr[e],a,fa],fa]  ] 


apd[fd, args, fa]* eval[caddr[fd], pair[cadr[fd], args], fa] 
applus[a]¢ [null{a] * 0, T + car{a]+ applus[cdr[a]]] 
aptimes(a]¢ [null{a] +1, T * car[a] x aptimes{[cdr[a]]] 
assoc[e, a] « [e=caar[a] * car[a], T + assocfe, cdr[a]]] 


pair[x, y] + [null[x] + [null{y] + NIL], T + cons[list[car{x}, carly], 
pair[cdr[x], cdr[y]]]] | 


evlis[e, a, fa] + [null[e] * NIL, T * cons[eval[car[e], a, fa], 
evlis[cdr[e], a, fa]]] 


evconf[e, a, fa]* [eval[caar[e], a, fa] * eval[cadar[e], a, fa], 
T * evcon{cdr[e], a, fa]] 


evand[e, a, fa]+ [null[e] * T, eval[car[e], a, fa] * 
evand[cdr[e], a, fa], T * F] 


evor[e, a, fa]* [null[e] * F, eval[car[e], a, fa] * T, T * evor[{cdr[e], a, fa]] 
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The reader who finds this piece of coding dense may either puzzle 
through it himself, study one of the texts on LISP programming, or simply 
take it on faith that it does what we claim. it does. The reader familiar with 
one or more LISP dialects should note that this iiterpreter differs consider- 
ably from the apply operator of any computer implementation. Its arguments 
are different, it does not handle LAMBDA or functional arguments, it does not 
evaluate free variables, it treats 7. F, MIL aad conditionsia in a non-standard 
fashion and it has no PROG feature. 

Although we must normally define any. function. with a fixed number of 
arguments, this interpreter provides three specific exceptions: PLUS, 

TIMES and LIST. | — | 

It also provides for three logical operators: OR, AND.and NOT. 

NOT is a function defined only on the domain ®, Its behavior is completely 
explained by noting that not{[T]=F and not{F]=T. The prefix symbol for "not" 
is'""4", AND and OR are slightly more comptex. They are variants of the 
conditional form. Mathematically, "A" and "Vv! (which stand for "and" and 
"or", respectivety} are functions. on the domain * Filial two arguments, 

They are completely mpocitied by the falleming tes 


x Pd xuAy =“¥ 
T T po oe 
T *F Fr T 
F T F T 
F F F F 


If these were evaluated in LISP in the same manuer.as other functions, then 
a form such as "ev «" would require first evaluating G and & with the 
expectation of getting T or F in. each case and then using the above table to 
get the value of the form. What we actually do is quite different: First ¢ 
is evaluated, If this is T, ‘then we conclude that ¢, Ve is T and do not 
evaluate 6 atall. But if Gq is F, then we have to ae ee &. We treat _ 
"A" similarly; if q is F, we conclude that q A 6 is F and do not evaluate 6: 
The form "¢, V €," is completely equivalent to the conditional form 
[e, *T, T +6], and the form "G A 6" is completely equivalent to the 


ot 
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conditional form [€, Cos TF], 

This ten possible such definitions as the following alternative 
definition of member, which would not work if these functions were evaluated 
in the standard way. (Why?) bide oh i 


member{x, y]¢ -null[y] 4 [x = car[y] ¥- member [x;: erty) 


The interpreter we have defined conveniently provides for AND and . 
OR to have an indefinite number of’ arguments. The form eh woe A 6, : is 
translated into (AND. €* ... ¢€ *), and simflarly for'Nvr with OR. AND 
evaluates its arguments from ‘the left to right until it either tinds a false one, 
whereupon it concludes F without further evaluation; | or else if they are all 
true, then the valueis T. (AND), that is, AND of no arguments, will be T 
because none of its arguments are false. OR evaluates its arguments from 
left to right until one of them is.true, whereupon it concludes T without 
further evaluation, or else if they all evaluate false, then the vaiue is F. 
The value of (OR) is F because it does not have at least one true argument. 


Theorem 2, 3 (Interpreter Theorem). . 

Let 6,,...,6, be a self-contained sequence of recursive definitions 
(in the sense of ana 2.1), let @ be the name of the function defined by by 
and let A ieeeee Qe, be any sequence of s-expressions where m is the number 
of arguments for @,- - Then either .. MARLEE 


P,[a,,+--,a,, J= apply[list[6, *, oo nl Nstla. ell 


or else both sides of this equation are undefined a Lae: both. -computations 
produce the same value, or both fail to produce, values), 


The sini point for all theoretical Ae of aonieaaa is the fact — 
that any one formulation of a sufficiently general clase of effectively comput-~ 
able functions always turns out to be equivalent to all other sugh formulations. 
Historically, A. M. Turing defined a class of conceptualized machines of 
very simple design having an infinitely lorig tape'o in which to read and write. 
Any function that'can be computed on such a Turing ac 


machine is called com=| 
putable, Turing then gave very convincing” ‘arguments to show that the most 
elaborate computers that he could think of could ‘hot compute anything | that 


cy 
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these very simple machines could not compute, given enough time. Turing 
also showed that there is a universal Turing machine that could interpret any 
other Turing machine, given « description of the other machine. 

It is possible to write a recursive function that simulates a universal 
Turing machine. It is also possible to design a Turing machine that simu~_ 
lates the interpreter "apply". _ This not very surprising fact is the basis for 
a proof that the partial recursive. functions are the same as the partial com- 
putable functions on a Turing machine. 


Turing's Thesis 
Any fanction which can be etectively computed can be computed a a 
Turing machine. 


From this we may conclude that any function of s-expressions that is 
effectively computable is recursive. This is the converse of lemma 2.1, 
and is known as Church's thesia". | 


Problem 8 


Write an interpreter that evaluates arithmetic forms ory. It will be 
called areval, and has two arguments. The firat. argument ia a form to be 
evaluated, for example, (PLUS 3 (TIMES x Y). «The second argument is an 
"a-list" which defines the values of the variables occurring within the first. 
argument, for example, ((X2}(¥ 7)}. So areval{(PLUS 3 (TIMES X Y)), 
((X2) CY Ty} = 34247217, it does not handle conditional forms or function 
definitions. ih aT Seek aS 


Further Reading 


- For the reader wishing to learn LISP a8 & programming language, - 
there are two books: [McCarthy et al, }and [Wejasmanj. Additional informa- 
tion on particular LISP implementations igs. ugually available at each installa~ 
tion.. There is also a set of graded LISP problems. with angwers [Hart and 


Levin], which is useful as a teach-yourself aid. 
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There is an excellent discussion of the validity of Turing's Thesis in 
[Kleene, $70]. In [Davis], Turing machines are used as the starting point 


for the development of recursive function theory. 
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CHAPTER THREE 
PROPOSITIONAL LOGIC I 


Preview of Chapters Three and Four 

This chapter begins our study of logic as a tool for making formal 
deductions. Propositional logic is the logic dealing with the compounding of 
sentences or propositions using connectives such as "and", "or", "not", and 
"implies", It is net an adequate logical language for making inferences 
because it deals with entire clauses and does not consider their internal 
structure. We study propositional logic because it is the ground floor of the 
two-story edifice of first order logic, which is our main subject, The ter- 
minology and organization of our study of propositional logic will carry over 
directly to first order logic. . 

Chapter Three introduces the language of propositional logic, the 
technique of making logical propositions, and the feasibility of mechanically 
checking deductions to determine if they are correct. Chapter Four presents . 
the mathematical] theory of propositional logic. 


$3.1 Propositional Formulas 


Making use of a fairly loose analogy, we can say that propositional 
variables correspond to simple declarative English sentences, and that 
propositional formulas correspond to compound sentences. 


A It will not rain tomorrow. 
B We shall go to the beach. 
A>B If it does not rain tomorrow, we shall go to the beach. : 


A and B are propositional variables, ">"' means "implies", and A>B 
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is a propositional formula. 
We shall make the assumption that unlike English sentences, proposi- 
tional variables can always be interpreted as being either true or false 
assertions, There is no middle ground such as l'too Ambiguous” or "doesn't 
-make sense”. Propositional logic is. also cruder than, English j in that. the 
truth of a compound proposition depends only on the truth of its components, 
and the way they are connected by logical operators, and not on the way that 
they might meaningfully be related. For example, the English sentence 
"If two plus two is five then the world will end next Monday," can be con- 
sidered as nonsense. Sttppose we let A mean "Two plus two is five, and B 
mean "The world will end next Monday." If A-and Bare ’both false, then 
AB is considered true. This is part of the definition of '>', which simply 
requires that if A is true then B must be true. Since A isnot true, B 
doesn't have to be true for.A > B.to be-true.. The.saying ''J£ wishes were 
deeds, then beggars would be kings, '' captures the essence of this type of 
thinking. potas 1 Pe 


Definition 3. 1 


A propositional vaxible ig a name. . (It begins -with a. capital letter.) 


A propositions: sormulé is: . 
if aw a propositional: variable . 
or (ii)—(a) — fae aeies 
or (iii) (a) v (B) 
or (iv) (a) A (B) 
or (v) (a) > (8). 
or (vi) (a) # (8) 


where a@ and § are themselves propositional formulas. 
The names of the propositional connectives are: 


—.. ‘not 

voor 

A. and 

> implies 

= equivalent 
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It follows from this definition that propositional formulas can be con- 
structed of arbitrary size and depth of parenthesization. Sometimes we do 
not write all of the parentheses because they are not needed, 


Examples: 
A : A2B 
AV (BAC) = HA > (B= C)). 


(AA B)=(BAA) - (Al A (A2 A A3)) 


The following truth table is designed to interpret propositional formulas 
for truth or falsity. To iyterpret @ formula we niust first decide on a truth 
value (T or F) for each propositional variable. This cannot be inferred from 
the truth tables and for the moment at least must be considered as given. 
Having done this, we can then assign a truth value to each sub-formula 
starting with the innermost ones and ending with the entire given formula. 


Truth Values of the Fropositionst Connectives: 


A B ANB AVB >A ADB AFB 

T T T T *F T T 

T F F T F. F F 

v T F T T T F 

F. F F F T T T 
Example: 


Evaluate (A A B) * (B V C) when A is T and'B and C are F. 
From the table, we see that if A is T afd B is F, then 
AABisF. If Bis F and Cis F, then BV Cis F. So the 
formula becomes F * F, which according to the table is T. 


Problem Set 9 


Evaluate each formula, using the following table of values for variables. 
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Al T Bl F 
A2; T B2: T 
A3: F B3; EF 
1. A3>B3 2. A3>A2 
3. A1VB1 4. A2ABl1 
5. A3 6. —77B3 
7. (ASV B2) 8. (BI: > B1) 


them into s-expressions. The s-expression form should come as no ‘surprise: 
propositional variables undergo no change, and the other forms translate into 
(NOT a), (OR @ 8), (AND @ 8), (IMPLIES @ B), and (EQUIV @ ie _ onus 

(A \B) =(BY C) translates into (EQUIV (AND AB) (OR BC)); 


Problem Set 10 


1. Write a LISP predicate wff({x] which is T if x is a well-formed 
formula of the propositional logic and F otherwise; wit iteelf should never be 
undefined. 5 fe : 

2, An interpretation for the propositional, variablen: of a formula is a 
list (in any order) pairing each name with Tor F,. For example, ((A.T) (B F) 
(C F)) is the interpretation used in the example preceding problem set 9.. 

Write a LISP predicate propeyall[e, a], where. e. ig.a.propesitional formula and 
ais an interpretation for it. Propeval should interpret the. eae as Tor F. 


Ifa propositions formula has. exactiz. n different wariahien: in it, ‘then . 
there are 2 different interpretations . for the formula. .This.is.the:number.of. 
different ways: to ‘assign T or F to n things. 


Definition 3.2 
If every interpretation of a formula is T, then me formula is cated a 


tautology. 


If at least one interpretation of a formula is T, then the formula is 
called satisfiable. 
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If no interpretation of a formula is T, then the formula is called 


inconsistent. 


ee 3.3 

Every tautology is satiafiable, but not vice versa. If q@ is a tautology, 
then m@ is inconsistent. If @ is inconsistent, then a is a tautology. If a 
is satisfiable and is not a tautology, then ~@ is also, satisfiable and is not a 
tautology. - 


Problem Set 11 . | ie - ¢ 
1. Which of the following are tautolegles? > Which of the rest are 
satisfiable or inconsistent? 


a. AV-7AA b. AAB 

c. ADB “ gy A DTA Vv BY 

e. AD7A 27 aio? eels ee el 
g. (AA B) ®(A V B) . h. “(A > B) AB 


2. Write a LISP fanction vare{x] Such that it x is a formula of the 
propositional sigur then Bs ie the bak ot an the ‘propoaitional variables, 
that occur in xX, = | 

3. Write a LISP function tabs]x] auch that if x ‘is a set ot propositional 
viriables as is generated above, then ‘the § value’ ‘of tabs{x} is. ‘a lit of all 2" . 
interpretations for these variables, For example, consider the formula 
(IMPLIES (AND A €) (OR'B C)}! Phen Vare 60'Gis Yormula {a (A BC) or — 
some permutation thereof, and tabs of (A BC) isso: ne ‘permutation of 
(AT) (BT) (CT) (A T) (BT) (CF) KAT) @ FY) (CTSA TD) (BF) (CF) 
((A F) (BT) (C T)) (A F) (BT) (C F)) (A F) (BF) (C T)) (A F) (BF) (Cc F))). 

4, Write a LISP Econo = that is t = x a a peaweolegy. and F 
otherwise. ek a 
5. Write a LISP seedicute: satte) which is T if x is astisfiable, nnd ¥F 


"t 


otherwise, 


Two propositional formulas @ and 8 are said to be equivalent formulas 
ifa = Bisa tautology. The following table of equivalences contains many 
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well-known properties of propositional formulas. They are given in the form 
of schemas where the Greek letters:are used to represent any formulas. So 


a AB being equivalent to B \ @ meang more than A.A B being equivalent. to. 


BAA, It means, for example, that (A >, B).A 


Cds equivaleant.to C.A (A. B). 


Equivalences of Propositional Formulas: 


‘cgssume that (OR) = F and that tA)’ spew 


1 avs BVa commutativity of "or 
2. @Vv(BVy) (a V 8) vy associativity of "or" 
3. aap Va ear ‘conimiutativity of "and" 
4. an(sry) “(a A By ny aadociativity of and" 
5. 74a : apg ees “elimination of double ‘negation 
6. -~=(a@ vB) aa Ap Pre DéeMSiyan's’ ‘Laws a 
Te aa By aa Vag “"DeMorgan's tawe : 
8. AV BAY) ~ (wv Bp) A (a VY) distributive iaw 
9 aABVy (a RBYV (ah disttibutive law 
10. ave ne ‘fa’notency 
11, @Aa ow ipoténcy. 
12. a>pe ma VB ee ‘eiGeitishibh of "implies" 
13. a@28 (@ >) A(B> a) _ elimination o of Nequiv a 


sift Ee = 


From equivalences 1, 2, and 10, ‘We déé the’ aii for regarding 


Nortiag —— urnber ‘of ar gamidles ‘in ‘any etter without ” 


repetitions. - From eqiivalerices’3;'4, an#?12 ‘the snitid Hattis tor “and”. 

So we eanwrite AV BG withotit showing Whitty Wey $aeiociates, and in 
s~expression latiguaye we can’ write (OR K'8'C),’ pefmitting AND and OR to 
have an indefinite number of arguments, i is consistent with this’ ‘practice to 


Bey fo By Terese 


Problem 12 


Rewrite wff, propéval; taut and sat to handle AND end OR with an 
indefinite number of argurents. 


$3.3 Deduction 


If we are given "It will not rain tomorrow, " and "If it does not rain 
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tomorrow we shall go to the-beacth, " ‘then we may draw the conclusion 
"Tomorrow we shall go to the beach." ‘This is called a deduction. 


A 
ADB 
B 


Ultimately, we want to be able to | 0 mage, use of deductions. of consider - 
able length, and to arrive at conclusions ‘that ane not immediately obvious 
from the given statements, | The rules fer making deductions, in propositional 
logic are extremely simple. | A deduction naqngists of a sequence of numbered 
lines. Each line is a prqpositional formula, and the last one.is the desired 
conclusion. ‘There must be a reason or sages for writing each line, 
and there are only three kinds of justific: iA line is justified (a) because 
it is given, (b) because it is an axiom, ‘or (ce) bagause it follows from previous 
lines by using B rule of inference. 

As axioms for pragpositional logic, we shall. allow any. formula that is 
a tautology. ; 

The outs of taaaae ik ceapaiienlt magi is m edus-ponens 
This rule states that af there ia 2 line in dhe: au ction, which is the juvncis @, 
and if there is another line in the Meductiy n-Whith is: the. fermala a.—8, then we 
may deduce the formula A. We. oni 2 qnd:2. 2-8 the sptecedents of the 
inference, and £ the consequent ef the biference, Hither antecedent, may 
appear before the. other in the deduction, heiaaientonal moet. follew.-the 
antecedents, 

The following deduction shows that at we stots the ecoeaine ecmpeeed 
1 thru 6 below, the formula numbered 21 can be deduced, 


1, ADB “given 

2. BoC pees oo Aes a, given... 

3. C2D piven 

4. AVE ¢iven 

5. D2G given 

6 E>G © .- >, given 

7 (A >B)>((B2>C)2(A DC) tautology 

8 (BIC) >(A>C) Mp 1,7 
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20. 
21. 
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A>C | Mp 2,8 
(A >C)>((C > D) > (A> D)) tautology 
(C>D)>(A>DD). Mp 9,10. 
A>D_ Mp 3, 11 
(AV E) > ((A > D) >(DV B)) tautology 
(A >D)>(DVvE) Mp 4, 13 
DVE Mp 12, 14 
(D V E)> ((D> G) >(G V E)) tautology 
(D>G)>(G VE) Mp 15, 16 
GVE Mp 5,17 
(GV E)> ((E>G)>G) tautology. 
(E>G)>G Mp 18,19. 
G ) Mp 6, 20 


93.4 Proof-Checking 


We are now in a position to attempt a miniature proof-checker for 


propositional logic. . 


It is a predicate of three: arguments, proofchk(g, c,d], 


where g is a list of given formulas, c is a canclusion, and d-is a deduction. 
If all the arguments have the correct format, andd is a valid deduction . 
proving c starting with g, then the value of: proofchk: is T... Otherwise it is F. 

. We have already specified an s-expression language for propositional 
formulas allowing AND and OR to have an indefinite number of arguments. 
The format of the arguments of proofchk is as: follows: 


g: 
Cc: 
d: 


A list of propositional formulas. 

A single propositional formula. 

A list of steps. Each step is a list of three Sterna . The 
first item is a number. The steps are numbered con-. 
secutively, 1, 2, 3... The second items is a formula. | 
The third item is the justification for the formula, It can 
be (i) GIVEN, ii) TAUT; or (ifi) (MP: m gee where: ‘m and 
n are numbers of previous lintes. . 7 
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Using the previous example, g = ((IMPLIES A B) (IMPLIES B C) 
(IMPLIES C D) (OR A E) (IMPLIES D G) (IMPLIES E G)), c=G and d= 
({1 (IMPLIES A B) GIVEN) (2 (IMPLIES B C} GIVEN} ... (20 (IMPLIES 
(IMPLIES E G) G) (MP 18 19))} (21G (MP 620), | 

For a deduction to be valid, it must nave the correct syntax and in 
addition: 

1, If the justification for a stey is TAUT, then the body of the step 
must be a tautology. 

2. If the justification for a step is GIVEN, then the body of the step 
must be a member of the list g. | | 

3. If the justification for a step is (MP mn), then letting the body of 
the step be 8, and letting the body of step m be a, the body of step n must be 
(IMPLIES a 8). Furthermore both m and n must be less then the number of 
the step being justified. 

4, Th bal of the: Inet atepimednbe 6 ‘the: conclusion. 

A recursive definition of proctchk follawe: 


proofchk[g, ¢, d}© | } A witfe | A wisteplis[d) 4 mull {d} A 
steporder jad} +: : =e N prdotenks fg. ¢] 
wiflisic}® faekife} * 7’, atomfe} ~F, Ti+ setter pel * witiafedetx}t 


sil[x}]© satemix} 4 nulifedrfx]}}. 
s2[x}] © satom([x] 4 slfedrix}} . 
$3[x} © ~atom[x} 4 s2fedrfx]} es 


wfsteplis{x]© [null{x] * T, atom|[x] ~F,T * wietep(car{x]}] A 
wisteplis[cdr([x]]}] 


wfsatep[x} © s3{x]JA numfear{x}}* witjcadr[x}) A wijust[caddr [x}] 

wfjust{x] © x = GIVEN V x = TAUT V este] 6 earfx} = “MP A 
numfeadri{xj} 4 munfeaddi‘{x }]} 

steporder {x} {ai[x] * T, TF. a, lis caettc} A steporder[cdr [x}]] 


proofchkl[g..4, q]* fnullfa}.+ 7.1 T+ repens. = earfq}]} 4 
proofchk! [g, d, edrfq}}}. 


stepchk[g, d, s}* [caddr[s}] = TAUT + taut{cadr{s]}. caddr[s] = GIVEN ~* 
memberfcadr[{s}, g], T + mpchkfd, s, caddr[s }}] 


mpchkfd, 8, jJ © caar{d] s cadr[j] 4 cadrfj} < carfs} A caar[d}] < caddr[jj 
caddr[j} < car[s#) 4 cadrffetch[caddr[j], d]] = list{IMPLIES, 
cadr/{fetch[cadr{j)}, d}}, cadr[s]}) 


last{x] © [sl[x] * car[x}] T. + last{edr[x]]] 
fetch[n, x] © [null{x] * NIL, n = caar[x] * car[x], T * fetch{n, cdr[x]]] 
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Problem 13 


If you have access to an interacting LISP system, program a more 
practical proofchecker in which you can specify the given and the desired con- 
clusion, and then enter lines of proof. The program should give diagnostics 
when it does not accept lines offered to it, and let you try again. 


There is a difficulty with this method of proof that prevents us from 
making deductions in a reasonable length of time in certain cases where we 
would expect to be able to do sox’ Suppose @ is’a formula containing 40 
different propositional variables, It. shquld be, eagy: to show that a V 7a is a 
tautology. But if we set taut to check whether this is a tautology, then it 
will try to form a list of 240 interpretations and will fail on any existent 
computer. . 

One way around this difficulty is to make use of the idea of substitution 
instances. If @ is any formulja,. then: Feplesingzecgneoeb Ms peoposttionsl: 
variables with, formulas generates a substitution inatemce ofthe original - 
formula, Ifa particular propositional variable is#o‘be-replaced, then all - 
occurrences of it must be replaced, and must.bereplacetsby the same 
formula, For example, @ substitution inatence of AEP: = ‘iaimane be 
(CV D)A (BED) RIC YD gr . 

A substitution instanee of a. tautology. is en slauisteee i: So we 
can add to our deductive syatem for the prapesitionaldegic-one more rule of — 
inference: : ‘a Sates ACD Oe Byes ats TE Pe aes 


Substitution rule: 


A line in a deduction is justified if it is a substitution 
instance of a previous line, ang and that previous line isa. 
| tautology. | 


Problem 14 


Modify proofchk to allow for substitution instances of tautologies. — 
The justification for such a line wil] have the ferRet (INST. Be. where a refers 
toa eprevions line, whose {justification is TAUT, . 
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CHAPTER. YOUR: — 
PROPOSITIONAL LOGIC 


Preview of Chapter Four 
This chapter déveiops atheory of propetitiinal logic. The concep- 

tual framework, ard even many of the Se over directly to 
the theory of firat.owder logic. = 

The theory nataraliy divides itvelf site *id*dopicte, ‘The first of 
these, called prog! thaery,; concerns iteeif wit peopositiona) formulas, and 
deductions, viewed as formal objects to be manipalited, “without ary concern 
for what they are intelttvety supposed te wieen.° "Phe sécond depect of the 
theory is modal theory: whosu purpece is t ‘welidte the logit with respect to 
its intended mewning. The most important theorems for our purpose are 
‘those that relate proof theory to model theory. z 


$4.1 Proof Theory 
At any given thine, it 1s usefat to Himit the discussion of ‘propgaitionsl 


logic to those formutas that contain only a en. set ue propositional 
variables, 


Definition. 4,1 


A vocabulary ts any non-empty set of pr 2 08 pitional variables, 
A language (of propositional logic) is the : set of all formulas containing 
only variables from.a particular vocabulary. 


A vocabulary may be finite or infinite. Every vocabulary defines a 
unique language, All languages are infinite sets even when based on a finite 
vocabulary, If the formula a@ is a member of the langyage L, then the 
formula 7@ is also a member of L and vice versa, ‘If the formulas a and 8 
are both members of L, thena/A 8, a V8, etc. are also members of L. 
Conversely, if a compound formula is a member of L, then its constituents 
are members of L. . , 

When using logic as a deductive tool, we frequently select some set 
of formulas belonging to a language as the axiomatization of our subject 
matter, Such a set of axioms can be called a theory. We then want to dis- 
cuss those formulas that can be deduced within the theory. These are some- 
times called theorems. This motivates the following definitions: 


Definition 4.2. 


If Lisa language, then a theory is any subset of L, If T is a theory 
of L, and @ is any formula of L, then the notation "Tre" means that there | 
exists a deduction (as specified in ‘Chapter Three) such that every given 
formula of the deduction is in T, and the conclusion is Oe We can read this 
as "a is deducible from T". The set of all @ in L such that Tra is the 
set of theorems of T for which v we write Th(T). 


Definition 4. 3 


The theory of T is said to be inconsistent if there is some formula @ 
such that Tra, and TrFa@, Otherwise T is consistent. 


Corollary 4.4 

If T CL is the empty theory, then Th(T) includes all tautologies of L. 
If TC L is inconsistent, then Th(T)=L. if T and R are theories of L, then 
(Th¢(T)-U Th(R)) ¢ Th(T U R). 


Definition 4.5 


A theory T © L is complete (in L) if for every formula @ € L either 
either Tra, or Troe. . 
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It is important to observe that the completeness of a theory is 
relative to the language of which it is a part. The theory is complete if all 
the formulas of L are provable or refutable from ye and none of them are left 
undecided, But the same theory may be incomplete » with respect toa a larger 


language, 


Definition 4.6 . 
If TC Lis a theory, anda € L, then if neither Tra, nor Tra, then 
@ is said to be independent of T. 


We have seen that formulas may be divided into three classes, 
tautologies, inconsistent formulas, and those that are satisfiable but not 
tautologies. Given any consistent theory T in the language L, the formulas 
of L can then be divided into three disjoint classes relative to T: (i) those 
that are deducible from T, which includes the tautologies, as a subset, 

(ii) those whose negations are deducibie from. 7; which. we can call the. . 
formulas refutable ftom T and which includes all the inconsistent formulas 
as 4 subset, and (iti) those that are independent fT. If Tisa complete 
theory, this last clags is empty. 


tautologies 


Satisfiable 
but not 


refutable 
from T 


tautologies 


inconsistent 


fotmilas T is incomplete T is complete 


be. ® 3 


Problem Set 15 


1, Which of the following theories are inconsistent? Which are com- 
plete within the smallest language containing them? 


a. A b. AVB 
AA V 7AB 
~aB2?C 
aC 
c. AVB d. A 
~B AB 
C. 


2. Prove that if T is any consistent theory in L, there is a theory T 
in I. which is complete and consistent, and such that T © ": 


3. Show that every complete theory has a canonical form. 


The main theorem of this section is known as the deduction theorem 
(for propositional logic). It is the formalization of the intuitive proof tech- 
nique whereby when we want to prove a result having the form "A implies B", 
we assume A and then derive B. | oe 

Both the statement of the theorem, and the method of proof are typical 
of proof theory. The statement of the theorem is simply that if a certain 
deduction exists (and a deduction is itself a formal object.as defined in 
Chapter Three), then a certain other deduction must also exist. The proof 
of the theorem makes no appeal to the meaning of propositional logic, but 
merely describes how to obtain the second deduction if the first one is given. 
This is known as a constructive proof. 


Theorem 4.7 (Deduction Theorem) 
If TU {a}tB, then Tra > 8, 


Proof: The assumption of this theorem is that there is a deduction of the 
formula B in which only the formulas of T and the formula @ are justified as 
given. Let this deduction be the sequence of formulas B,. -..,8, where 

B. = B. We shall use the method of mathematical induction to show that for 
each i, where 1s isn, it is the case that Tra > B.. This is sufficient to 


prove the theorem, because Tra@ > B. is the desired result. 
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By the induction principle, it is sufficient'to show that if Tra >. B. for 
1s j<i, then Tha > B;. There are four cases to consider: (i) if B. isa 
tautology, then @ > B. a also a tautolagy, and 80 ‘The 28. (ii) If B, follows 
from 8. and B. by niodiecpoaens in the given proof, were B.. is B.> "By, 
j<i, andk<i, then by the induction assumption Tra 5B. and Tra 3B, > BY. 
Then since (a 28. )>2ta > B. >3))> te 28) isa tautology, by two applica- 
tions of modus-ponens we get @ > B.. it) if 8, is justified as given in the 
first proof, and @, € T, then TrB,, and since 4, > ie 38, ) is a tautology, by 
modus~ponens we yn Tre > B;. Taw) it 8, Te justifie ns & given in the first 
proof, and B, is e, Then Tre 22, because this formule {a 2a) is a tautology. 


A constractive proof usually tells us more than is required for the 
theorem. This proof, for example, tells ne that the deduction Tra -.8 is 
computable from the dedactzom Tu a a ‘Moreover, the second deduction 
is at most three times as long an the Fret. ne constructive 
proof is an existential proof. . 


Probiem 16 . a. 
Let 'T be the theory [A >B, B sc. ‘Then TU {A}+C, and we write 
out this deduction in fall: re 


i, oA given 

2, A>B given 
3. B. Mp 1,2 
4% B2C given 

ar Mp 3, 4. 


The deduction theorem tells us that ThA 2 C, Obtain this deduction by 
following the construction given in the proof of the deduction teebrem. 15 
there a shorter deduction for TRA > CY 


$4.2 Model Theory 

While proof theory is coriverned with the properties of deductions, | 
model theory is concerned with the meaning of the formulas. A formula is a 
logical compound of prepositions, eath of which is regarded as true or false 


= Bu 
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in some context. The purpose of a model is to supply that context; therefore: 


Definition 4.8 


A model in a language L is a function from the vocabulary of L into %. 


If the vocabulary of L is finite with n members, then there are on 
different models for L. If the vocabulary of L is infinite, then there are 
infinitely many models for L, in fact, uncountably many. 

If M is a model in the language L, and @ € L, then M assigns a truth 
value to each variable occurring ina. Then, using the truth tables for the 
propositional connectives, or else using some procedure such as propeval of 
Chapter Three, a truth value can be assigned to @, 


Definition 4.9 


If @ evaluates to the value T using the model M then we say that M 
satisfies @, and we use the notation 'Mka" to express this concept. 


Corollary 4.10 


If M is a model in L, and @ € L, then either Mka, or Mf-a. If for 
every Min L, Mka, thena isa tautology. If there is at least one model M 
such that M ka, then @ is satisfiable. If there is no such M, then a@ is 


inconsistent. 


Definition 4.11 


If TCL is a theory, and M is a model in L, and if M ka for every 
a € T, then we say that M is a model for T, or M satisfies T, and we write 
MIT. 


So far, we have used the symbol "" to relate models to formulas or 
theories. We can also use "[" to express the idea that in any context where 
the theory T is satisfied, the formula @ is also satisfied. 


Definition 4, 12 


If TCL, anda@ € L, and if every model in L that satisfies T also 
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satisfies a, then we say that T semantically implies or semantically entails 


a, and we write Tka. 


It is important to realize that Tka, or T semantically implies @, is 
not the same thing as saying Tra, or @ is deductible from T, at least not 
until we have proven this to be the case. 

The main result of this section is the compactness theorem, a rather 
surprising result when first seen. Suppose some infinite theory is not satis- 
fiable by any model. One might think that this is a property of the theory as 
a whole. But the compactness theorem states that the unsatisfiability can 
always be localized to some finite portion of the theory. 

An unsgatisfiable theory is one that has no model. An inconsistent 
theory is one for which there is a formula .@ such that both @ and ~@ can be 
deduced from the theory. The former concept is model theoretic, while the 
latter is proof theoretic. If a theory is inconsistent, then it is obvious that 
some finite sub-theory is also inconsistent because the deduction of the 
inconsistency had to come from finitely many given formulas. But we have 
not yet proved that unsatisfiable and inconsistent are equivalent concepts. 
The compactness theorem is a result preliminary to proving this. 


Theorem 4, 13 (Compactness Theorem) 
Ifa theory is unsatisfiable, then it has a finite sub-theory which is 


unsatisfiable. 


Proof: if the theory T is finite, then the theorem is trivial because the sub- 
theory T “is taken tobe T. The theorem did not promise that T was a 
proper subset. If the vocabulary of T is finite, then there are 2” models 
where n is the number of propositional variables in T. None of these models 
satisfies T, and therefore each one falsifies some formula of T. This set 

of formulas is not satisfiable, and is the required T, . 

Suppose the vocabulary of T is infinite. Let the propositional 
variables of T be enumerated in some order as the sequence aye ao» ~e. We 
shall call a function from some initial segment of this sequence into fa 
"partial model". A partial model assigns truth values to a, thru a, for some 
n20, We can picture all partial models as nodes on an infinite tree. The 
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first node is the empty partial model. The next level containing two nodes 
assigns T and F to ays and the third level containing four nodes assigns T 
and F to ay and ay in 4 different ways, etc. 


A partial model assigns truth values only to those formulas of T 
whose propositional variables are among those that the particular partial 
model interprets. If a partial model interprets at least one formula of T as 
false, it will be called a "terminal". “We now "prune" the tree by cutting 
off all nodes that are descendents of terminals. If the pruned tree has 
finitely many nodes, then for each terminal we select a formula which is 
falsified by that terminal. The set of these.formulas is the required finite 
fe because if M is any model, then some initial sequence of M is the same 
as some eerninels So there is a formula in T which is not satisfied by M. 
Therefore T’ is an unsatisfiable theory. 

Now suppose that the pruned tree after eliminating deacendente of 
terminals is still infinite. Then there must be some infinite descending path 
passing through infinitely many nodes. This is because if the tree is infinite, 
then either the left or right half of it is infinite. Then either the left or right 
half of this half is infinite, etc. But such a path constitutes a model. 
Vurthermore, this model does not falsify any formulas since none of the nodes 
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it passes through is a terminal. So this medel must satisfy the theory T - 
contrary to assumption. Therefore the pruned tree cannot be infinite. 


$4.3 Consistency and Completeness 

We now us® model theory to critique the consistency and completeness 
of deduction. We want to show (i) that deduction only allows us to obtain con- 
clusions that are semantically justified, and (ii) that all such conclusions can 


be obtained by deduction. 


Theorem 4. 14 (Consistency Theorem) 


if TCL, a € Land Tre, then The. 


son, @) = & bea deduction of a from T. By the induction 
principle, if we can show that Tre, for j< i implies The ? then we can con- 
clude that T ko for each i, and, in particular, T+. There are three cases: 
(i) fa, is a Gutoleas: then Tp®, because ali modeis of L satisfy a. (ii) If 
a, is giveiy then @, € T and so The,. _ (adi) Ife, foliows fram «, anal a, by 
adds -woneas: where a, is >a ‘then by the induction hypothesis, Tha. 
and Tka.> a. so if MET. en Mie, and Mba, jr te: From dhe truth table 
of ">", it is sets that Mbe,. and so the, 


Lemma 4, 15 
If T ka, then there is a finite subset TY of T such that T ka. 


Proof: T U {>w} is an unsatisfiable theory, since every model that satisfies 
T also satisfies a, and therefore does not satisfy 7a. According to the 
compactness theorem, there is a finite subset of T U fra} which is also 
unsatisfiable, We can always include 7a in this set, so it can be written 

T U {50} where TC T is finite. If M}T, then M cannot satisfy a, and so 
Mta. Therefore Tbe. a 


Theorem 4.16 (Completeness Theorem) 


If TCL, a@€ L, and Tha, then Tra. 


Proof: By lemma 4,15 there is a finite TC T such that T’ka. Let T’ = 
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(By wee vibe): Then B, > (B, >.. (8. >Da)...) is a tautology, and there isa 
deduction starting from this tautology, introducing each B. as given, and then 
detaching it from the tautology using modus-ponens, such that the conclusion 


of this deduction is @. 


Corollary 4.17 


If there is at least one formula that cannot be deduced from the theory 
T, then T is satisfiable. 


Problem 17 


Prove corollary 4.17. 


ie 


CHAPTER FIVE 
RECURSIVE FUNCTIONS AND SETS 


Preview of Chapter Five 

This chapter continues from where we left off in Chapter Two. 
There we formalized the notion of a recursive function, and showed that 
there was a universal recursive function apply. in this chapter, we continue 
the discussion of recursive function theory by demonstrating that there are 
perfectly well defined functions that are not recursive. It is surprisingly 
easy to get such & result once we have a universal fanction. The theory 
goes a bit further by showing that there are fanctions that are in some sense | 
not even halfway recursive, . 


85.1 Recapitulation 
‘To summarize the results of Chapter Two briefly, the following 
schema represents a sequence of n recursive definitions: 


9, (5), seh Te q 
#,(8,> woos *m_)* bs 


Such a sequence defines n partial recursive functions, gives them the names 
¢, thrug.. and specifies procedures for computing these functions which 
terminate with a value whenever the partial function has a value, and are 
otherwise undefined or fail to terminate, The. recursive function specified 
by the procedure may not be the one we expect, but it must exist because the 


SR UE ACE CSE RE IS Re Ee RE EE 


behavior of the procedure is taken as its definition. 

There is furthermore a well-defined effective method of coding a 
sequence of recursive definitions into a ‘Single $-expression, | and there isa 
partial recursive function called apply such that if & is the coded s-expression 
just mentioned, and ~, has exactly k arguments (that iB», m, = k), and a, thru 
a are any s-expressions, then: 


?,[a,, 200, ) = apply[B, list[a,, ; oe “el 


where the symbol "=" here means ''strong equality" in the sense that either 
both sides have the same value, or both sides are undefined, (We can also _ 
compute any other of the ;. merely by putting its definition first when coding 
B.) 


$5.2 Turing's Halting Theorem 


A. M. Turing first. proved this ey inane acaiiee his cenceptual- 
ized computers now known as Turing Machines.. He showed that there is no 
computer that can always predict whether or, not:another computer will halt.or: 
continue to.run indefinitely, after stucving the structure and initial state of. 
that.other computer. . It is assumed here that ali:cemputers have access to an 
unlimited supply of initially blank auxiliary storage. Of course a computer 
can predict that another. computer will halt by simuleting. ite behavior until a 
halt is encountered. But there is no way to do this without danger that the 
computer doing the simulation will itself.not halt.in some cages, A proof. 
along these lines.can be found in [Davis], : aegis 

We define the total binary predicate halt[x, y] as. follows: If apply{x, y] 
is defined, then halt[x, y) is T;. otherwise heit{x, y}is F.: ;The predicage-halt 
is certainly meaningful and well defined. But we have not specified any 
effective means to compute: it. 


Theorem 5.1 (First Halting Theorem) 


The predicate halt is not recursive, 


Proof: Suppose, to the contrary, that halt is recursive. Then there is a 
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sequence of recursive definitions, the first of which computes halt, and the 
rest of which are auxillary functions for halt. Then we can define the 
recursive function diag as follows: 


diag[x}* [halt[x, istix}] + listlapply[x, list(x}}], T * NIL] 


The function diag is recursive because it has been effectively defined from 
apply and halt both of which are, or are presumed to be, recursive. 
Furthermore, diag is a total function because halt is total, and while apply 
is not total, it only gets to see those arguments certified by halt as producing 
a value for apply. Because diag is recursive, its definition can be coded 
into an s-expression which we shall cali diag*. This is a list of the trans- 
lation of the recursive definition of diag written above, followed by the 
definitions for halt and its meeiliary fanctions,  anidapply and its auxiliary 
functions. Now consider the value of diaghding*})  ‘This-value must exist 
because diag ia total. Therefore, by the imergreter theorem, applyfdiag*, 
list[diag* ]} must be defined and have the same value, and hence halt{(diag*, 
list[diag* J} is T. But thes from the reeursive definition for diag, we have: 


diagidiag® | = list[applyiding’, Hstfdiage })) = listfding{diag* }] 


This is a contradiction because it aeserts thet some #-expression is equal to 
list of itself. This is like having a mumber x sueh that n=. Since we have 
arrived at a contradiction using correct reasoning, we must conclude that 

our original premise that. halt is recursive is not true. 


This proof is confusing at first sight. Lf you study it carefully, you 
will see that it is really no different in ite basic technique from Cantor's 
diagonalization proof that the real nambers are net countable. That is why 
we have called the self-applicative function "diag". Most undecidability and 
incompleteness proofs involve some sort of diagonalization technique. 


$5.3 Recursive and Recursively Enumerable Sets 
. Definition 5.2 


A set of s-expressions is recursive if there is a total unary recursive 


predicate which is T for members of the set, and F otherwise. 


Since the numbers are a subset of the s-expressions, this definition 
extends to numbers. For a set of numbers to be recursive, it is sufficient 
to have a predicate which is defined only for numbers, and is T for members 
of the set and F for numbers that are not members of the set. This is 
because the set of all numbers is recursive using the basic predicate num. 

If a set is recursive, then there is an effective test for membership 
in the set which terminates either way. We have just proven that the set of 
all s-expressions x such that apply[car[x], cadr[x]] is defined is not a 
recursive set. 

There is a weaker condition than recursiveness called recursive 
enumerability. It applies to sets where there is a membership procedure 
that always terminates when the answer is yes, but may not terminate when 


the answer is no, 


Definition 5.3 
A set of s-expressions is recursively enumerable (abbreviated to r.e. ) 


if it is the set of values for some total unary recursive function defined on the 


domain of numbers. 


This definition creates the picture of a machine that runs continuously, 
and from time to time prints out some s-expression. Every s-expression 
that is a member of the set will be printed eventually, and only members of 
the set will be printed. There may be repetitions. But we cannot always 
conclude that some s-expression is not a member of the set, because we may 
not have waited long enough. This is a good intuitive view of recursive 


enumerability. 
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Definition 5.4 


A predicate is recursively enumer able. eif the set of arguments for 


which it is T is r.e. 


There are many alternative definitions for ar.e, set, some of which 
are given in the fallowing erat 


Corollary 5.5 

(a) A set is r.e. if and only if it is the — (set of: values) of some 
total recursive funetion.. 

(b) A set is r,e. if and opty if it te the range of same partial 
recursive function, 

(c) A setia r,e. if and only #{ it i# the: idamenin’ ‘of definition far some 
partial recursive function (i,e., the set of ihe sinuiastn on fics the. a 
function is defined). 

(d) If a set ia r.e. and its complement is also r,e., then both are | 
recursive. (This meana complement with reapect to the set of all s-expres- 
sions, but it is also true if we take a complement with aa to: the get of. 
numbers, or any other recuraive set.) are 


Problem Set 18 Betts 

1. Prove all the parts of corollary 5.5. 

2, Show that halt te ar.e. predicate, © 

3. Using theerem 5.1, and aris 5. 8, we (d), avery some set - 
which is not r.e. 


The last reault of the chapter is a stronger halting theerem in which 
we demonstrate the existence of 2 predicate that is not even r.e. We define 
the total unary predicate tat[x]} te be T if and only if x is a sequence of | 
recursive definitions which is syntactically well formed, and furthermore 
specifies the computation of a total unary function of the s-expressions. 
Tot[x] is F if x is not a well-formed sequence of definitions, or if it defines 
a non-unary function, or if it defines a nea-total function. Tot itself is never 
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undefined. 


Theorem 5.6 (Second Halting Theorem) 

The predicate tot is not r.e. 
Proof; Assume to the contrary that tot is r.e. Then the set of arguments x 
such that tot[x] is T is a r.e. set, and there is some total recursive numeric 


function totenum which enumerates this set. Now consider the function diag2 
defined by: 


diag2 [x] [num{x] % listfapply[totenum|[x], Net[x}}], T * NIL] 


Given our premises, diag2 is evidently a total unary recursive function. 
Letting its definition sequence be the s-expression diag2*, we have 
tot[diag2*] = T. Therefore, there is some’numbet k*auch that totenum{k] = 
diag2*. Then diag2[k] = list[apply[diag2*, list{k}]] = list{diag? [k]]. - This is 
a contradiction, So the initial assumption that. tot.is Yr. e, must -be false. 
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Once again, the distinction between a rope and a snake had proved too 
subtle for Western logic. eve : 
-The Adamantine Sherlock Holmes- 


CHAPTER SIX 
FIRST ORDER LOGEC « INTRODUCTION 


order logic. It ¢oritains some basic ‘definttions, azid‘an intuitive exploration 
of the subject to develop skill in handling formulas and their meanings. No 
deep theorems are proven. 

Chapter Seven defines and develops the theory of deductions. With 
the exception of the consistency theorem, all of Chapter Seven is proof- 
theoretic and constructive in nature, It contains all the basic results on 
provability that we shall need for the rest of the book. Chapter Seven is 
long and contains many difficult exercises. This seems necessary in order 
to develop some practical sense about deduction, which theoretical study 
alone is not likely to do. . | 

Chapter Eight starts with the completeness theorem which is the 
central topic for the classical study of first order logic. The completeness 
theorem is then extended to logic with equality, and some consequences of the 
completeness theorem having philosophical implication are discussed. - 


$6.1 


Languages, Formulas and Sentences 


First order logic is thuch more subtle than propositional logic. Ina 
certain theoretical sense, it is sufficient to represent any completely formal- 
ized process of deduction, Let us consider a very trivial deduction: Bowser 
is adog. All dogs are mammals, All mammals are vertebrates. There- 
fore, there is at least one vertebrate, : “Bach of these sentences is simple 
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rather than compound. If we call them A, B, C and D, respectively, there 
is no way to deduce D from A, B and C using propositional logic. The 
internal relations that make this an evident deduction are simply not available. 
These statements can be formalized in first order logic as follows: 


A:  dog[BOWSER] 
B:  Yx(dog[x] > mammal{x)]) 
Cc ¥x(mammal|[x] > vertebrate[x}) 


D: 4&x(vertebrate[x]) 


When we define deduction in first order logic, it will be seen that there is a 
deduction of D given A, B and C, . 

In this example, there is a variable, x, an object, BOWSER, and 
three predicate names. A slightly more complicated example, containing a 
function name in addition to a predicate name is: The number three is not 
even. If anumber is not even, then it is odd. If a number is-odd, then its 
square is odd, Therefore there is some number the square of whose square 
is odd. 


meven[3] 
Yn(Aeven[n] > odd{n]) 
Yn(odd[n] > odd[square[n]]) 


. In(odd[{square[square[n]]}) 
This is also a valid conclusion in first order logic. 


Definition 6,1 


A function name is an identifier. 

A predicate name is an identifier. 

A vocabulary for first order logic is a non-empty set of predicate 
names, and a (possibly empty) set of function names, together with a number 
(20) for each name called the degree of that name. 

_ The purpose of the degree is to specify the number of arguments a 
predicate or function has. . | 
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A term is: 
(i) a variable 
or (ii) OFT, ---.T, ] 


where ® is a function name of degree n, and each of the 7, is aterm. (Note 
that this definition allows terms of arbitrary depth. Also, if the degree of 
y is 0, theng[]is aterm, A 0-ary term is called a constant. ) 

An atomic formula is p[t,,.-..T} where # is a predicate name of 
degree m, and each 7, is a term. (Note that predicate names occur only 
outside function names, and that predicate names cannot be nested within 
each other. Also, if the degree of ¢ is 0, then $1) is an atomic formula. ) 

A formula is: 

(i) an atomic formula 

or (it) (a) 

or — (iii) (@) Vv (B) 

or —_ (iv) (@) “ (8) 

or (v) (@) > (B) 

or (vi) (a) ® (B) 

or (vii) V&l(a) 

or (viii) F(a) 


where @ and 8 are formulas, and § is a variable. The symbols Vand dare 


called the universal _guantifier and the existentia) quantifier, respectively, 


and can be read as "for all" and "there existe". 


Informally, we shall relax this grammar in several ways, We may 
drop some of the parentheses when this does not result in ambiguity for the 
reader. We do not specify associative grouping for "V" and "A", since this 
makes no difference. We assume that ''"' associates from-the right, so that 
p[x] > q[x] > r[x] means p[{x] > (q{x] > r{x}). We use terme. ‘containing infixes, 
prefixes and suffixes in the same manner as in Chapter Two.” Finally, we 
use objects as terms, which saves ue the trouble of Sept editing each object 
by a constant, : 

Throughout this book we shall use the convention that when a quanti- 
fier and its quantified variable are followed immediately by a left parenthesis, 
then the scope of the quantifier extends exactly as far as the matching right 
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parenthesis. For example, 4x(p[x]) > q[x] means (4x(p[x])) > q[x], and not 
dx((p[x]) > q[x]). 


Examples of Formulas: 


a. Vx(p[x] > q[x]) b. “n(n = 0) 


c. (n¢m)Xp=nxp+mxp  d. Ix(pfx]) > 'tx(p[x] > piflx]) > 
 Sxtp(tftfz1))- 


e. (p{]¥ maf) =-(p(]* af) f. pix] Y plelx]] ¥ plelefx)}) 


Definition 6. 3 


' The set of all formulas using a given ‘vocabulary is called a langu age. 


Definition 6. 4 


In: a formula having the form V&(a) or FE (0), every occurrence of the | 
variable § is a bound ¢ occurrence ‘of. §. It is bound by. the initial quantifier of | 
the formula unless it is bound by some quantifier, 4B, @. Anoccurrence of a — 
variable that is not bound is free. | 


It is only meaningful to talk about a particular occurrence of a variable 
being bound or free with respect to a particular formula. For example, 
within the formula 4x(p[x}), the variable x is bound with respect to the whole 
formula, but free with respect to the subformula pix]. In the formula 
p[x] > ¥x[q[x]], the first occurrence of x is free, “and the second and third 
occurrences are bound,. In the formula Vy(p1 [x, y |v Ax(p2 tx, y)), the only 
free variable. (with: respect to the entire formula) is the first occurrence of x. 


Definition 6. 5 

If a formula has no free variables (with respect to, itself), then it is 
called a sentence, A universal closure ofa formpla. @ is a-sentence 
vé- VE nf) where the § are all the distinct free varjables of a in any order. 
$6.2 First Order Models 
Definition 6.6 


Let L be a first order language. Then.a model in Lis a package 
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containing the following: 


(i) A non-empty set D called the domain of the model. . 
(ii) For each function name ¢ of degree n, a function @:D" + D, 
(iii) For each predicate name # of degree m, a predicate %:bD™ 


When we speak of finite, infinite, countable or uncountable models, we 
are referring to the cardinality of their domains. It is important that the . 
domain be non-empty, and that the functions and predicates that BESTPES the 
function and predicate names should be total. 

The significance of models is that they specify semantics for formulas, 
Consider a language L, a formula a € L, and a model M in L. Temporarily, 
we need another entity called an interpretation. “An interpretation I for the 
formula &, and the model M is a total furietion. ‘from the set of variables 
occurring in @ into the domain of M, Given M, t and a, we can define a 
valuation for every sub-component ofa. Thé veluation of a term will be a 
member of D (the domain of M), and the valuation of a heaton will be a truth 
value (member of ¥), defined ‘ag follows: oo 


(i) If § is a term which ip a variable, then, vim, L 8) = KE). 
That is, the valuation of § is the Wain in. aanlgned to . 
it by the interpretation L.. uh 

(ii) er is a term having the form gir. eat iE then 

V(M, 47) = o(V(M, Lt, Deere e VOM, Lt, ne That is, the. . 
valuation of Tf is teatid by first niaine valuations for 
the Tp which will be members of D, and then using e 
which is the function modeling the function name @, to 
- obtain a value in D from these’ arguments. 
(iii) if 8 is an atornic formule Ras seep he} then 
ma" 
VIM, 1,8) * B(V(M,17,),..., VOM, Lt. ‘)). ‘This is a 
truth value. 

(iv) The valuation of a formula having the teres -(B), 

(8) V (vy), (8) A(Y), (8) > (y), or (8) ® (y) ia obtained 
from V(M, I, 8) and V(M, I, y) uaing the truth tables for 
the propositional connectives. 

(v) The valuation V(M, 1, ¥&(B)) is T if V(M, J, 8) is T for 
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every J which is an interpretation identical to I except 
possibly for the value it assigns to the variable §&. 
Otherwise, the valuation of ¥§(8) is F. 

(vi) The valuation V(M, I, 4§(8)) is T if V(M, J,8) is T for 
at least one J which is identical to I except possibly 
for the value it assigns to the variable §. Otherwise, 
the valuation of 2&(8) is F. 


Proceeding from smaller to larger components in this manner, we 
see that a valuation V(M,I, &) is eventually defined. It is evident that the 
choice of the interpretation I is important only for the free variables in a, 
and that if @ has no free variables, the valuation is independent of I. So if 


a@ is a sentence, we simply write V(M,a@). 


Definition 6.7 


If M is a model in L, and @ is a sentence in L, then if V(M, a@) = T, 
we say that M satisfies a, and write M ka. 

If @ is a sentence in L, and all models in L satisfy a, then @ is valid. 
If at least one model satisfies a, then @ is satisfiable. If no models satisfy 
a, then a is invalid. 


The negation of a valid sentence is invalid and vice versa. We could 
draw the same sort of chart for valid, satisfiable-but-not-valid, and invalid 
sentences of first order logic, as we draw in Chapter Four for tautologies, 
satisfiable-but-not-tautological formulas, and inconsistent formulas of 
propoSitional logic. In fact, tautologies are a subset of valid formulas, if 
we define a first order formula that is valid from its propositional structure 
alone to be a tautology. Similarly, propositionally inconsistent formulas of 
first order logic are a subset of the invalid formulas. 

So far, we have discussed only sentences. What about other 
formulas? It turns out that there are two ways of regarding a formula with 
free variables. One way is to see the formula as belonging to some context 
which supplies interpretations or restricts the meaning of the free variables. 


For example, in the pair of formulas: 
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@x+2y = 1 
x + y® = 


one probably wants to solve for all interpretations that satisfy both formulas. 
_In the domain of real numbers, there are two of them. ‘The other context for 
a formula having free variables is to regard the formula as meaning the same 
thing as its universal closure. Yor cmmnpte: 
pin?x + von" x 21 

Here the meaning is thot this exwertion ts tree tor ail x, ie., ¥a(sin” x + 

2 
cos’x = 1). 


Definition 6.8 
For any formeels a, Mpa means. that. M #atisftes a closure ofa. A 
formula is vajid, . gatisfiable, or,  invatid if tte. clomare is yelid,. satisfiable or 


invalid, ec ene. 
Two formalas a and @ are equivalent, if a Ai valid, 
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1, Classify each ott folowing Pores a8 being ether valid, 
invalid, or satieHabie but not wedded, 


a. pix] ¥ spix] b. ixipix)) 2 Yaipixp 
Weiple) AExipixp sd. Uap, yf) > Walp lx, yp 
e. x+y = yt+x. f. Yet-apix)) 2 “Gxlpix) 


2, The sentence YWaety( tn-y] «<6> {eu ty) |< €) interpreted on the 
domain of real numbers augerts that fis. ‘a contimmeus fanction. Write a 
formula that asserts that fis a uniformly continuous function. Does one of 
these conditions imply the other logically? _ 

3. Show that each pair of formulas is equivalent: 


a. VE(ea A B) V&{a) A VE(B) 
b. F8la Vv B) T8(a) V HEB) 


c. V&(a Vv B) . Ve(a) vB where 8 has no free § 


~~ 


d. 4&(a > B) @ > 4&(B) where @ has no free & 
e. Ve(a > B) q&(a) 2B where 8 has no free & 
f. -4&(a) V§(ma@) 


86.3 Theories 


Definition 6.9 


A theory in a language L is a subset of L. 

If T, c To» then we say that T, is an extension of Ty and T, isa 
contraction of Ty. If L, ¢L,, then we say that Lo is an extension of L,, 
and L, is a contraction of L,. 

If Mkq@ for all aw € T, then MET. 

If TCL, and if MET implies Mra for all models M in L, then Mka. 


A theory is satisfiable if it has a model. 


Definition 6.10 


Two models M, and My in the language L are said to be first order 
equivalent if M, ka if and only if My La for every @inL. We write M, ~ My 
to denote first order equivalence, 

Let M, be a model in the language L,, and let Ly be an extension of 
L,. If My is a model in Ly which has the same domain as M, and the same 
interpretations for all the function and predicate names of L,, then My is an 
expansion of M,> and M, is a contraction of M,- (The word "extension" 
applied to models has a different meaning from "expansion" and is not used 


in this book. ) 


Problem Set 20 


1. Prove that if T¢ Lis a theory such that if a is any formula of L, 
then either Tka, or T bra, then all models for T in L are first order 
equivalent. 

2. Prove that if T, © L, is an extension of T, © L,, and M, is a model 


2 2 1 1’ 


in L, such that M, FT. then there is a model M, in L, such that M, FT,, and 


M, is a contraction of M,- 


1 1 
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As an example of a theory, consider the theory of partial ordering, 
which belongs to the language oe only the binary predicate '<" meaning 
less than. The theory is: 


7ax< x 
xSy2 ys zox<z 


This theory can belong to any language containing the predicate "<", Any 
model that satisfies this theory must be @ partie] ordering in the usual sense 
because these are the axioms for a partial ordering. 

Suppose we extend this theory by adding to it the tocoie dy{x< y). 
This says that given any object, there is another object greater than it. Then 
there must be another ‘object greater than thet, 2nd so forth. By applying 
the second axiom, which is a transitive law, we see that any object on this 
chain is < any object occurring further along the chain. The first axiom 
says that no object is < itself. ‘So we can conclude that this theory having 
three formulas has only infinite modela, i is watinfied rather easily, for 
example, by the real numbers, or the natural mumbers, or the transfinite 
ordinal numbers, by letting < have its customary meaning in each case, 

Another exampie of a theory is ‘the theory of groaps ander addition, 
formalized in a language with the binary predicate "= 2", - the binary function 
"+", the unary function "-", and the constant D. 


x=X x+{y+z) = (x+y)+z 
x=y-y=x x+Q=x 
Key > y=Z7x=z x+(-x) = 0 


X= yrPutv2xtu = yt+v 
x= yO-K= -y 


Any model that satisfies this theory is a group. There are, of course, 
many different groups, and in seme modets the plus sign must be interpreted ' 
by @n operation usually called multiplication, amd 0" must he interpreted by 
"1" or "el", The axioms in the left column are the axioms for equality in the 
language {=,+,-,0}. They are necessary to assure that we will be able to 
prove those things that we need to prove about equality. 
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Definition 6.11 


Let L be any language containing the binary predicate "=", We call 
such a language a language with equality.” «Mostdanguages that we.study will 
be languages with equality, The theory E,-,xor the: theory va: quality for the 
language L is the following set of. axioms: | & 


(i) x =x 
(ii) x =y>2y=x 
(iii) x =y2 y=z>x=z 


(iv) For each n-ary function name ¢ in L, the axiom 
x, = 9, >... > x, = Yn > OLX, +++ X,] = Olyys--05 Yn) 
(v) For each m-ary predicate name # in L, the axiom 


Xp Fy Pee OX, = Yan, > PUK yo oe MQ)? Pye +++ Vey] 


The number of such axioms depends on the size of the language L, and 
might be infinite. The first three axioms are the theory of equivalence 
relations. The rest of them are necessary, as we shall prove later, to 
assure that we have axiomatized equality as well as is possible in first order 
logic. 


Problem Set 21 


1. What is the theory of linear orderings? 

2. What is the theory of semi-groups? Of abelian groups? 

3. Which of the following theories are satisfiable? _ Find a model for 
each satisfiable theory. Which theories have finite models? 


a. 7x<x 
xSyrXy<z>x<z 
x< y > aGw(x < wA Vz(nx < z V mz < w)) 


b. The formulas of (a) and dy(x < y). . 


c. The formulas of (a) and 
Twax(w < x A Vy(y < x > dzly<zAz<x))). 
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d. The formulas of (a) and 
Gx(w< xAVyly <x 2Gzly<zAz<-x))). 


e. The formulas of (d) and 4xVy(-—x < y). 
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CHAPTER SEVEN 
FIRST ORDER LOGIC - DEDUCTION 


_ Preview of Chapter Seven 

We develop the mechanism for making formal deductions in first 
order logic. As with propositional logic, a deduction ie a step-by- step 
process for obtaining a conclusion from given premises, It can be inspected 
for correctness bya proof-checker. Most of the theorems in this. chapter 
are concerned with the existence of ‘demonstrations, and have the practical 
effect of saving us time. They will also have theoretical applications in 
Chapter Eight. The mechanism of substitution, a ‘necessary prerequisite, . 
is discussed first. 


87.1 Substitution 


In this book, we make a sharp distinction between the words 
3 " substitution" and "replacement" which is very usefyl, but has not won . 
general acceptance at the present time. . Qur notation.for substitution 
follows [Robinson], | We shall discuss replacement later ‘in this chapter. 

The LISP function subst (see §2.2) is a good example of a substitution 
operator. Subst[x, y, z] substitutes x for all occurrences of :y.inz. Some- 
times, we wish to perform several substitutions simultaneously on the same: 
object. For. example, we may substitute Q for-A, and & for B-in the 
s-expression (A B C), in which case we get(QR€). We.can define a LISP 
function sublis that does this. The first.argument is @ list of pairs, and the. 
second argument is the object of the substitution. The effect of each pair is 
to cause the first member of it.to be substituted for alt occurrences of the | 
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second member of it. So sublis{((Q A) (R B)), (A B C)] = (QR C). 


sublis[x, 8]* fatom[s}* subl{x, s], T + cons[sublia{x, car [s]}J, 
sublis[x, cdr{x]]]] 


subl[{x, s}] [null[x] * s, cadarfx} = 3 *caer[s], T * subl[cdr[x], s]] 


Sublis performs what is known asa simultaneous substitution. It does 
not substitute on that which it has already substituted. For example, 
sublis[((A B) (B A)), (A XBY)]=(BXA/Y). The alternative to simultaneous 
substitution is sequential substitution. In this case,. sitmakes: * considerable 
difference what is done first. Thus subst(A, B, st[B, A, (A x B Y)J] = 
(A XA Y), but subst[B, A, ‘subst[A, B, (A xB ii = 0 (B XBY).. 

For first order logic we shall need to ‘substitute t terms for variables 
occurring in formulas or terms, Forthermgre, we only substitute for free. 
occurrences of variables. An example of, a substitution, is to, sybatitute the 
term gly] for all free occurrences of the veriable x in the formula pix] > _ 
Gx(qix)). The result ts piety > Axtgix)). _Beceuse the gparation, of substitu- 
tion occurs frequently, we need a precise way of writing it, so, that, long. 
explanations are not necessary. If @ is any formula, T is a term, and § is a 
variable, then by @(7/€) we mean the formula obtained by sub: substituting 7 for all 
free occurrences of § ina. We also allow @ to be a term, in ‘which case all 
occurrences of § in-a ate free, We can: ‘ahio specify a simittancous substitu- 
tion, where each pair separated by d"' /" sérves the ‘aaine purpose as the . 

pairs in SUBLIS, These arecalted substitht{ion components. “For example, 
if @ is the formula pix} % aly then’ Meira Bes ry! the ¢ formula platy) A 
qfhtx, y }). a 

In addition to not substitating for bound ovcurrences: of a variable, 
there is another restriction in first order logic. msider the result of 
substituting gly} for all free ocour tended of ¥4in pl PN aytaty}> riz}. The. 
result is pfely}H A-aytaly] > rietyyp. We cart thie aii imnpréper subjititution . 
because the variable y in gly} 18 exptured’by the qudntiffe? if the second | 
instance (from: the: left) where 4: io webetituted!: “fr okuer that the Bubstitution 
a(r/§) be proper, itis neeessary thet wherever there ie 4’ fi'ee occurrence of 
€ ina, it is not within the scope of any quantifier that binds a variable that 
occurs int, When &(r/§) is proper, we also say "T is free for § ina". 
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Examples: 


1. If we substitute y for x in Y¥xdy(r[x, y), this is a proper substitution 
because no substituting occurs. There is no free xin the formula, and it is 
permissible for bound occurrences of x to be within the scope of a quantifier 
on y. 

2. If we substitute y for x in p[x, y] > Ixdy(q[x, y]), the result is 
ply, y] > Ixdy(q[x, y]). This is a proper substitution because wherever x is 
free, it is not within the scope of a quantifier binding y, although a bound 
occurrence of x is within the scope of a quantifier on y. 


Substitution plays an important part in the rules of deduction of first 
order logic, but in each case improper substitution is not allowed. We shall 
adopt the convention that substitution on formulas of first order logic is 

undefined if it is improper. In each case where a rule ‘using substitution is 
given, the rule does not apply when the substitution ig improper because no 
result is defined. F 

Formulas of first order logic are translated into LI§P as follows. 

The idea should be obvious by now. 


(i) If Tf is a term, then T* is obtained by using the same 
rules as for forms in the language of recursive 

definitions, For example, g{x,A], where A is an 
object, is translated into (G X (QUOTE A)). 

(ii) Atomic formulas are translated similarly. 

(iii) Composite formulas are vensiaes into (NOT a*), 
(OR a,* ... @*), (AND @,*..% + a), (EQUIV 
a,* a 2*)s (EXISTS §* a*),. aaa {FORALL &* a*), 
where ‘ie a's are formulas, and §' is a variable. 


Problem Set 22 an 


1. Write a LISP function sub which is the equivalent of sublis for first 
order logic. If a@ is a formula, the 7, terms, and.the §, variables, then 
sub[list[list[r,, 5 | rere list[T,.§ th @] is the formula @(T, IS y0+ oes 7/8) if 
the substitution is proper, and NIL otherwise. 


=F]. 


2. Write a LISP predicate inst of three arguments such that 
inst[a, §,8] is true if a is a formula, § is a variable, and there exists a term 
T such that the substitution @(r/§) is proper, and the result is 8. 


$7.2 The Rules of Deduction 


Definition 7.1 


A deduction is a numbered sequence of formulas each having a valid 
justification. There are five types of justification: 


(i) Given 

(ii) Mp i, j 

For this to be‘a valid justification of line n, it is necessary 
. thati<n, j<n, and if line (1) is the formula «, and line 

(n) is the formula f, then line (j) must be the formula a 2B. 

(iii) Taut 
If a formula of propositional logic is a tautology, then the 
result of substituting formulas;of firat order logic for all 
its propositional variables is a tautology of first order logic. 
All occurrences of a particular propositional variable must 
be replaced. by the same formula, . 

(iv) Qi and Q2 
Ql and Q2 are aciara schemas for firgt order logic. Each 
schema represente an infinite-set of formulas which are 
called the ingtances of the schema, if a formula is an 
instance of Q1, then Q] is a valid justification for it, and 
Similarly with Q2. The schemas are: 


-- 


Ql: = V§(a) > a(r/§) 
Qa: alr/§) 9 18a) 
where @ is any formula, § is any variable, and r is any term, 
and a(r/§) is a proper SUP Estenor:: 
(v) Q3 i, and Q4i 
Q3 and Q4 are rules of inference for first order logic. The 
distinction between a rule of inference and an axiom schema 
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is that a rule of inference depends on previous lines of the 
deduction. Modus-ponens is also a rule of inference. 
"Q3 i' is a valid justification for line n if i<.n, and there 
is an instance of the schema Q3 in which line (i) appears 


above the horizontal line, and line (a) appears below it. 


The case of Q4 is similar. 


a2 
Q3: > VE) 


. 2 a 
a SS a 


where £ is any formula, § is any variable, and @ is any 
formula which does not contain § free. 


If TT is any theory, and there is:a deduction in which only formulas that 


are in T are justified as given, and if the conclusion of. the deduction is the 
formula @, then we say that there is a deduction of. @ from T, and we write 
Tra. If there is a deduction of a in which no formula is justified as. given, 
then we say that @ is a theorem of logic, and we. write Fa. 


The following sequence of seven steps is: an example of a deduction in 
first order logic: | 


7 po 


V¥y(p[x, y]}) > pix, y] Ql 


p[x, y] > 4x(p[x,.y]) . Q2 
(¥y(p[x, y]) > p[x, y]) > (p[x, yi > ax(p[x, y])) > 

(¥y(p[x, y]) >ax(p[x,y}))) Taut 
(p{x, y] > Ix(p[x, y])) > (Vy(p[x, y]) > Ix(p[x, y]})) Mp 1,3 
Vy(p[x, y]) > Ix(p[x, y}) Mp 2, 4 
ax¥y(p[x, y]) > Ix(p[x, y]) —  Q45 
axVy(p[x, y]) > Wyax(p[x, y}) Q3 6 


Since this deduction has no given formulas, we may write 
raxVy(p[x, y]) > Vydx(p[x, y]). | 

The next example is a somewhat lengthy proof taken from the theory of 
formal arithmetic. It illustrates a great many. points that will be made in the 
next few chapters, and you may wish to refer back to it. For the present, it 
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aa 


is simply an example of a formal deduction. We prove the sentence 0'+0°=0 
from four axioms which are the first four lines of the demonstration. As an 
aid to comprehending the organization of the deduction, Nenceer ee subgoals 
are marked with an asterisk (*). 


1, Vx¥y¥z(x=y Dy=z>x=2) Given 
2. WxV¥y(xsy>x'= y) . Given 
3. Vm(m+0=m) Given 
4, ¥mYn(m+n =(m+#n)’) Given 
5. ¥m¥n(min =(m+n)’) > ¥n(0" +n'=(0'+n)/) Ql 
6 ¥n(0'+ n'= (0+ ny) Mp 4, 5 
7. Yn(0'+n=(0'+n)’) > 0'+ 0'= (0'+0)’ Q1 
(*) 8. 0'+0'=(0'+0) Mp 6,7 
9. Vin(m+0=m) > 0'+0=0' Ql 
(*) 10. 0'+0=0' | " Mp 3,9 
11. Vx¥y(x= y > x’=y) > Wy(0'40=y>(0'+0)"=y) © Qi 
12. Vy(0'+0 =y > (0'+0)'=y) Mp 2,11 
13, Vy(0'+0=y > (0'+0)'= 7) 2 0'+0=0'> 
(0 +0) =0 Ql 
14. 0'+0=0'>(0'+0)'=0” Mp 12, 13 
(*) 15. (0'+0)'=0"" Mp 10, 14 
16, Vx¥yV¥z(x=y 2 y=z2x=z)> ¥y¥z(0’ £0'= =y> 
y= z>0+0 =z) Q1 
17. Vy¥z(0'+ 0’= y >y=z>0'+0'=2z) Mp 1, 16 


18. Wy¥2(0'+ O's y Dy=2>0'+ 0/22) > 
¥z(0'+ 0’ = (0+ 0)’ > (0's 0)'= 2 2 0'+0'=z) Ql 


19. Vz(0'+ 0’=(0'+ 0)’ > (0'+0)'= z > 0'+0'= 2): ' Mp 17,18 


20. ¥2(0'+ 0’= (0'+ 0)’ > (Q'+0)/=z 30's 0'= =z) > 
-(0’+ 0’= (0'+ 0)’ > (0'+0)’= 0" > 0'+0'= 0’) Ql 


21. 0’+0’=(0'+0)' > (0'+ 0)'=0''2.0'+0'=0" . Mp 19, 20 
22. (0'+0)’=0''>0'+0'=0" Mp 8, 21 
23, 0'+0'=0" . . Mp 15, 22 


We may safely conclude from this example that deduction is an 
extremely tedious process full of needless repetition of similar patterns, and 
that something must be done to speed it up. We shall consider this subject 
later. 
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Problem Set 23 


1. Show (by writing a deduction) that each-of the fonowing formulas is 
a theorem of logic: 


a. Yx(p[x] = q[{x]) > (¥x(p[x]) = ¥x(q{x])) 

b. ¥x(p[x] = q[x]) > (Sc p[x]) = Selqhx))). 
c. Yx-p[x] 2 7ax(p[x]) 

d. Vx(p[x] 4 q[x]) = (¥x(p[x]) 4 Ya q[x])) 

e. ox(p[x] V q[x]}) % (Sd p{x]).V Sx(q{x]))- 
f. E(p[x] 4 q[x]) > (Se(p[x]) 4 Se(qix})) 

g. Yx(p[x]) > Ix(p[x)) 


2. Which of the following formulas are instances of Qi or Q2, and 
which are neither? Why? — 


a. ¥x(p[x]) > p[x] 

b. Vx(p[x, y]) > ply, y] 

c. Vxdy(p[x, y]) > fy(pigly], y)) 
d. piety]. y] > Ix(p[x, y) 


3. Define the unary LISP predicates axql and axq2 which are true if 
their arguments are instances of Ql or Q2 respectively. ; 

4, Define the binary ‘LISP predicates rig3 and riq4 which are true if 
the second argument is derived from the first argument by rules of inference 
Q3 or Q4 respectively. 

5. Modify proofchk So that it is a proofchecker for first order logic. 
The only modifications to the format of a deduction are () TAUT must handle 
substitution instances efficiently, and there is then no longer a need for INST 
asa justification, (ii) the justifications QL and Qa must be added, and (iii) the 
justifications (Q3 i) and (Q4 i) must be added. 


$7.3 The Consistency Theorem 

The statement of the consistency theorem for first order logic ia the 
same as the consistency theorem for propaesitiogal logic (theorem 4.14), but 
the meaning behind it is considerably more subtie. 
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Theorem 7.3 (Consistency Theorem) 
If TCL, @ € Land Tra, then Tha. 


Proof: The proof is by induction and follows the same lines as the proof of 
theorem 4.14. The induction hypothesis is that if T Fa; for j< i, then T Fo, 

where the deduction is the sequence Qs: see, n’ there @re seven cases ie 

consider, and the first three are the same as in the previous proof. 


(iv) If @, is an instance of Ql, then it has the form VE(B) > A(r/§). 
Let M be any esodet: and I any interpretation for the variables in this formula. 
If V(M, I, ¥§(8)) is false, then M, Ifa... If V(M, I, V§(8)) is true, then V(M, J, B) 
is true for any J differing from I at Ln at the variable §. In particular, 
there is that J that assigns to § the value which is V(M,1,T). © Therefore 
V(M, I, B(T/§)) is true because no variable in f is bound by quantifiers in 8, and 
so M,I ka, in this case also. What we have shown, then, ‘is that every 
instance of Q1 is valid. 

(v) If a, is an instance of Q2, this algo is valid, and the proof is left 
to the reader, 

(vi) If a. is derived from @. by the rule Q3, then since j j<i, the 
induction hypothesis is that Tka.. Let a. be the formula BC y, where § has 
no free &, Then a; is the formula 8 > VE(y), Let M be any model that 
satisfies T. Then ™, IB > y for all interpretations I, Choose one such I. 

If M, I does not satisfy 8, then M, If@,. if M, ThA, then M, I ky. also. But 
then M, J also satisfies 8 where J is any interpretation differing from I at 
most on §, becausé B has no free §. SoM,J also satisfies Y for all such J, 
and therefore M,1-V&(y). So M, Iba, in either cage, . and, the.conclusion is 
that The. 

(vii) If a, is derived from @. by the rule Q4, then since j < i,, the 
induction hvpothesis is that T ba. ce ‘ie a, be the formula B ~ ¥ where y has 
no free §. Then @, is the formula 2§(8) >’y. Let M be any model that 
satisfies T. Then M, If > ¥ for all interpretations I. © Choose one such I. 

If M,I-y, then M,I Fo. If'M, I'dees not satisfy ¥, then M,I does not satisfy 
8B. Let J be any interpretation differing from I at most on §. M,J does not 
satisfy Y because y has no free §. So M,J does not satisfy B, and since this 
is true for all such J, M,I does not satisfy 2§(8). SoM, Ifa, in either case, 
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and the conclusion is that T Fo. 


Corollary 7.4 


If Fa, then @ is a valid formula. 


Corollary 7.5 


If the theory T is satisfiable (has a model), then it is consistent. 


27.4 Existence of Deductions, Replacement 

Since deduction is a very tedious process, we would like to speed it 
up by introducing additional axioms and rules of inference. But, in fact, no 
matter how many additional rules we introduce, there will always be more 
that we would like to have. If we were to introduce a great many rules right 
from the start, then the proof of the consistency theorem would be very long 
because we would have to consider each rule separately and show that it is a 
valid form of reasoning. Now that we have proved the consistency theorem, 
we can deal with new axioms, and new rules of inference in a different way. 
What we can hope to show for each one is that it is eliminable in the sense 
that if we have a deduction using such an axiom or rule, then there is an 
effective way of obtaining a deduction that does not use it, but which proves 
the same conclusion from the same premises. 

As a very brief example of this, consider the rule: 


ri; *28,8>y7 
ay 


This is a derivative of the rule of modus-ponens which stated in this style is: 


a,a > 8 
B 


Now suppose we have a deduction that uses the rule Ri: 


1. a>B Given 

2. BrY - Given 

38. a-y R1 
~77~ 


We know that this proof can be expanded to: 


1 a@>8B Given 
2. BY Given 
3. (a> B)>(BD2y)>(@>y) =Taut 

4. (B>y) > (a> ¥) Mp 1,3 
5. a>y . Mp 2, 4 


This can be done in every situation in which Rl is used, so we can say that 
Ri is constructively eliminable. The consistency theorem then guarantees 
the correctness of the rule as a method of reasoning. This not only shows 
that it is correct reasoning, it shows that the introduction of. the rule does not 
alter any of the properties of first order logic. that we may prove in the 
future, becauge the rule itself is not essential to any deduction in which it is 
used, 


Problem Set 24 


1. Show that the following are constructively eliminable rules of 
inference: 


. V8(a) . ~Ms(a) 

QX1:  Gtr7e) QO: aGT®) 
a 7a. 

QX3: vEay QX4: Saga) 


_ alr/§) 
QX5: tay 


2. Rules Q3. and Q4 are necessarily stated as rules of inference, and 
cannot be treated as axioms. Show that the following schemas are not valid 
by describing counter-model for an instance of each schema. 


a, (a > 8) >(a@ > V&(B)) where a@ has no free §. 
b. (8 >a) > (38(8) > a) where @ has no free &§. 


The formulas @ and a(¢/€) are said to be similar if the variable € does 
not occur free in a, andif € is free for §€ ina. When this is true, it will also 
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be the case that § does not occur free in a(€/£), and § is free for € in a(€/§), 
and a(€/§)(§/%) is the formula a. 


- Theorem 7, 6 (Change of bound variables) 
If a and a(@/§) are similar, then Ysa) & + VE(a(E/S)), and Fa§(a) = 


40(a(0/§)). 
Proof: 
1, V&(a) > a(C/§) Q1; Why is this substitution proper? 
2. VE(a) > VE(ade/€)) Q3 1; Can V&(a) have free (?. 
3. VWE(alt/s)) 2a Qu Ge ee 
4, VWE(a(€/€)) > ¥E(a) Q3 3 
5. V&la) = ¥0(a(E/§)) Prop 2, 4 


The d case is symmetrical in form. . 


You will notice that as we acquire more techniques, deductions will 
become more and more condensed. At this point, there ig no longer any 
reason to write out in full any sequence of steps that depends merely on 
propositional logic. We aa write "Prop* and Hat the ‘antécedents. 


The distinction between replacement and substitution is that 
(i) replacement refers'to replacing of an entire stractufe of some sort by 
another, whereas in substitution we always substitute in place of something 
atomic such a6 an atom or a variable, and (ii) it ia not’ necessary to replace 
all occurrences of a given structure, but only as many as we wish. The 
semantic justification for replacement’ ts that something may be replaced by 
something else that is in some sense its equal or equivalent. " The semantic 
justification for substitution, on thé other hand,” is that’ we’ are obtaining a 
particular instatice of a general statement. 

An example of replacenient is to take ‘the formula ols 0’ = (0'+0 od 0)’ and to 
replace the underlined terth with the term'0% Our justification for doing this. 
is that we have alrestly corciuded that these two teins are ‘equal, i. e., 
0+0=0. The reo of the replacement: is 0'+0' = (05) or dropping paren- 
theses, 0'+0'= 0’... Another example is to replace the first oceurrence of 
2+2in (2+2)+2 = (2+2)+2 with 4 because we already have 242, = 4, This 


qf 
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gives 4+2 =(2+2)+2. This is valid, even though we have not replaced all 
occurrences of 2+2. 

Now consider the substitution of 2 for x and 3 for y inx+y = y+x. 
This gives us 2+3 = 3+2, which is an instance of the general rule. 2+3 = 
y+x has no useful meaning because partial substitution does not accomplish 
the purpose of substitution. Notice, also, that it is not. meaningful to 
substitute for a constant. 

It is important that entities that get replaced are proper sub-expres- 
sions in whatever context they appear, and not accidental pseudo-expressions 
caused by juxtaposition. For instance, if we start. with the equation 2+3x*4= 
14, and then replace "2+3" with "5", we get 5 x4=14, which is incorrect. 
"243" is not a sub-expression of "2+3 x4" because the conventional associ- 
ation is "2+(3 x 4)". 


e. 


Theorem 7.7 {Replacement of Equivalent Formulas) 


Let a and f be two formulas such. that. Tre # B.. Let y be any formula, 
and 6 be a formula that is obtained by replacing some (but not necessarily all) 
occurrences of @iny by 8. Then Try * 6, 

Proof: We begin the proof by identifying certain sub-formulas of yand 6 as 
"corresponding components", If an @ occurring in y.is replaced by a Bin 6, 
then the @ and the & are corresponding components. Any. sub-formula of ¥ 
which contains no occurrences of @ that. get replaced, ,and is not contained in 
a larger such formula is also a corresponding component to the sub-formula 
of 5 which is identical to it both in content and in position. The formulas y 
and 6 are thus built up identically, starting with corresponding components | 
using the propositional connectives and quantifiers... Also, corresponding. 
components are either identical, or elge one ig @ and:the other.is 8. In 
either case they can be proven equivalent from T.. We. proceed by induction 
on the number of propositional connectives and the quantifiers, to show that 
this equivalence extends up. to the formulas y and 6: (i) If y, is “79, and 6, 
is 74,, and TRY) = 6,,. then Try, ? = 4 because. Ny a 4 prey, a6 1) is a 
tautology. (ii-vi) The cases for the other propositional. eee and the. 
universal quantifier are left to the reader. (vii) If % is GY), and 6 is 
A8(6, ), and Try, # by» then Try, al 6 because VS(¥, = 6) follows by rule QX3, 
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and because FV§(y, 6) > (48(y,) = 4§(6,)). (See problem set 23, No. 1b.) 


Theorem 7.8 (Replacement of Equal Terms) 


. ' Let T be a theory with equality (i.e., Er CT). Let T and T, be 
terms such that TH, =.T,, let a be any formula, ‘and let 8 be a formula 
resulting from replacing some occurrences oft, in a by To. Then Tra = B. 
Proof: By induction on the depth of the terms in:a. -Let the corresponding 
components be:terms, either T) and the %, that replaces it, or identical terms 
that are in indentical positions in @ and 8, and are. the largest possible such 
terms. If@and@ are corresponding terms, then they can be proven equal. 
from T. Larger terms are built from thease by: function composition. Let 
e1R;. -++,0,) and 9[@,...., @. } be in corresponding positions, and by the 
induction nyactheats Tro, = OF Then these terms. can be proven to be equal 
because there is an axiom in-E, which, is. Xypet Wy P20 PX, = ¥;> 
o[x,, wees x] = ely,; aes Y,)- Similarly, once ali terms in corresponding 
positions are equal, the atomic formulas. can be proven: equivalent from the 
reflexive axiom of equality (x = y >-y = x) and the double application of the 
axiom Ey. which is = Yy 7 Ki? Yan 2 Blox, 6. ar Xm! a) ely,» Siear Ymk 
Once corresponding atomic formulas are proven equivalent, the induction . 


proceeds as in theorem 7.7. 


We introduce one more derived rule of inference obtained from Q3 and 
Ql: 
a Z 
Inst) ————————__—_—_—_— 
@(Ts/5,,---5 7/8) 
where the 5. are distinct variables, and the meteor is proper. 
A sorter demonstration for 0'+ 0 ='0' can now begiven: 


1. m+0=m Given 
2. m+n =(m+n) Given 
3. 0+0=0 | Inst 1 
4, 0'+0°=(0'+0) | Inst 2 
5, (0+ 0'= 0" Replacement 4,3 
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$7.5 The Deduction Theorem 


The deduction theorem for first order logic is rather subtle, and 
takes some effort to understand, but.a correct perception of it will yield a 
lot of insight. into the nature of rules Qi thru.Q4. TFhe-most naive statement 
of the theorem is actually false, It is not the case that if.T U {a}rA, then 
Tra > 8 for any formulas @ and 8. if this.were true, then since p{x}*V¥x(p[x]) 
by QX3, it would follow that +p[x] > ¥x(p[x]), and then by another application 
of QX3, FVx(p[x] > ¥x(p[x])). But this sentence is not valid; it is not satis- 
fied by the model on the domain {@, 1} where p{0} is true, and p[{1] is false. 

We have chosen to interpret a formula standing as a line in a deduction 
as being equivalent to its universal closure. In fact,’ the rules QX1 and QX3 
allow universal quantifiers to be added or stripped from the beginning of & 
formula at will as long as they take the whole formula as their scope. 

The trouble seems to be that when such an ‘open formula is incorpo- 
rated into the left side of an implication, it is negated because a > 8 is the 
same asa V8, But its implicit universal quantifier gets left outside the 
negation and causes the error. 


Theorem 7.9 (First Deduction Theorem) 
If T U {a}h8, and @ is a sentence, then Tra > #, 


Proof: By induction on the demonstration B,. cae B, = B. (Please review 
theorem 4, 7. ) 


(i) If B, is a tautology, then so is a > B;. 

(ii) If B, is in T, then a@ > B; is derivable from B., 

(iii) If B, is @, then a > @ is a tautology. 

(iv) If B, follows from two antecedents by modug-ponens, then by the 
induction i souiesie a->8.anda> B, 2 B;) are provable from T. Then 
a> B. is provable from these by propositional logic. 

(v) If B; is an instance of Q1 or Q2 then a 9 B; is derivable from B.. 

(vi) If B, follows from B, by an application of ay then B; is y> 6, ai 
B; is y > V&(6) eiake yisa ieee that has no free §._ By the induction 
hysoth@eia: Tra >8. or Tra >(y>5), From this we derive (a A y) > 4, 
and then apply Q3 to get (@ A y) > V&(é) which is valid because @ is a sentence, 
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and so has no free §, From this we can get a > (y > V§&(5)), 

(vii) If B. follows from Bs by Q4, then B, is y>56, and B. is FE(y) > 6 
where 6 has no free §, By. the induction hypothesis, Tra > (y > §), fram. 
which we deduce y >(a@ > 4), Since a has no free 5. we can apply Q4 to this, 
getting I£(y) > (a > 8) and then rearrange to get a > (F8(y) > 6). . 


A formula is said to depend on a preceding formula in a deduction if 
there is a chain of antecedents working back to the preceding formula. If the 
conclusion of a deduction does not depend on one of the given formulas, then 
we could omit that formula and all its dependents without sacrificing the 
conclusion, 

A variable is varied in a deduction any time Q3 or Q4 is used with that 
variable being the § mentioned in the deduction rule. | 

The fact that of the original rules of inference only Q3 and Q4 can vary 
a variable is quite significant. Suppose that the formula p[x] is given ina 
deduction. Without using Q3 or Q4 it is quite impossible to derive from it 
p[5] or V¥x(p[x]) or ply]. Only these two rules have the power to sa lal a 
free variable universally. 

We stated earlier that the intended interpretation of the fact that B is 
deducible from @ is that the universal closure of & semantically implies the 
universal closure of B. Let us consider a different interpretation, What if 
the interpretation of the deduction a@t8 was that for any. M and I if M, Ika then 
M, kB ? A study of the deduction rules and axioms of logic shows. that all of 
propositional logic, including modus-ponens as well as Qi and Q2,. preserves 
this interpretation. But Q3 and Q4 do not. 

So if p[x]*q[x], then we can certainly conclude that ¥x(p[x]) > ¥x(q[x]) 
using the standard interpretation of closure.’ If, in addition, the variable x 
is not varied in any formula that depends on p(x], then x has remained 

_constant, so we can conclude using the deduction theorem that p[x] > q(x]. 


Theorem 7, 10 (Final Deduction Theorem) 


If Tu fa) FB, and no variable occurring free in @ is varied in any 
formula depending on @, then Tra > B. , 
Proof: We shall reconsider case (vi) of the proof of heotem Tas, and let the 
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reader do the same for case (vii). B.is y> 5, where y has no free §, and 
B. is y > 4£(8) and is derived by Q3. If a does not contain free g, then the 
aonecruction described in the previous proof atill works. On the other hand, 
if 8. is not dependent on a, then THB» and so 10 THB,. _ Then by propositional 
logic, Tra > B.. 


The deduction theorem makes many deductions shorter to write and 
easier to organize conceptually. As a brief example, we demonstrate 
0+m=m. The third line is what is known as an induction axiom, and is 
part of the theory that this proof is taken from. 


1, m+0=0 —__, Given 
2. m+n = (m+n) | Given 
3. (04,0 =0)2%m(0tm=m20+m=m)> | 
¥m(0+m = m) Given 
4, 0+0=0 . Inst 1 
5. Vm(0+m = m>0O+m = =m) > ¥m(0+m =m) Mp 4,3 
(6) 6. Ot+m=m - Assume 
‘7. O+m’ = (0+m)’ | | Inst 2 
(6) 8. O+m' =m’ | | Replacement 7, 6 
9, 0O¢+m=m>0+mim | | Discharge 8, 6 
10. VWm(0+m = m2>0+m = m)  - QK3 9 
11. Ym(0+m = m) Mp 10, 5 
12. O0+m=m ; _ QX1 | 


The rules for incorporating the use of the deduction theorem into 
formal deductions are: 3 

(i) There is a column for noting devendedsies: (we \onte. it to the left 
of the line number); 

(ii) When a line is justified by Assume", its own line number goes in 
the dependency column. Several such lines may appear in a deduction. 

(iii) When a line has one or more antecedents under some rule of 
deduction, the dependencies of the antecedents are ‘inherited. This means 
that a Hine that is dependent on several assumed lines will have the line 
numbers of all these assumed lines in its dependency column. (If a line is 
dependent on an assumed line through several different paths, ‘the line number 
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of the assumed line still appears only once in the dependency column of the 
dependent line. ) 

(iv) A variable in a dependent line may not be varied if it appears free 
in any of the assumed lines that the dependent line depends on. This must be 
explicitly checked out when eens Q3, Q4, or aay ‘pale of inference derived 
from Q3 or Q4, aan 

(v) A dependency is removed by the process of discharge in which the 
assumed line is introduced as the premise of a>... The dependencies may 
be removed in any order. (Refer to the transition from lines 8 to 9 in the 
preceding example. ) 

(vi) Only an independent line (having nothing in its. dependencies column) 
is a valid conclusion of a deduction. 


37.6 The Choice Rule 


When reasoning informally, we sometimes prove that there exists an 
x having a certain property, and then say, "Let k be such an x," If the 
constant k has not been used before in'this chain of reasoning, its interpre- 
tation has not yet been restricted in any way,.s0 no.problem is created by 
doing this. The choice of the name k is arbitrary, so if we succeed in 
proving some result that does not involve k, then. we should:be able to prove 
the same result without mentioning k. It is important to realize that 
inventing the name k does not introduce a new object into the model of one's 
subject matter. It is only a new name that is beitig created, and it could turn 
out that the new name really describes an opsert already familiar under a 
different name. 

In first order logic, a constant is a function of no arguments. 
Properly, it should have a set of brackets followirig it. So k{] is a constant. 
But often we omit the brackets for convenience, (In s-expression notation, 
which is more strict, a constant is enclosed by parentheses, For example, 
k[] translates into (K), This will dlways serve to distinguish a constant from 
a variable which would not have the parentheses, or an object which would be 
translated as (QUOTE *). ) 
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Rule C 


Within a deduction, if we have obtained a line which is 
the formula 4§(@), then we may derive from this the line 
a(~[]/5) where @ is a new O-ary function name. The justi- 
fication for the derived line is 'Rule C j", where j is the 
line number of the first formula, If a has free variables 
other than §, then it is necessary not to vary any of these 
in any formula that contains the constant 9[]. 

The conclusion of the proof must be a formula that does 
not have any of the new constants ¢[]. 

A deduction may have any number of both assumed lines 
and applications of Rule C. 


Example: 
(1) 1. Vady(p[x, y]) 4 afx, y) Assume 
(1) 2. dy(pi{x,y] 4 qixs yp QX1 1 
(1) 3. p[x, k] A qfx, k] Rule C 2 
(1) 4. pfx, k] | Prop 3 
(1) 5. Yy(plx, y) QX5 
(1) 6. Wxdytp{x, y}) . QX3 
(1) 7. Vxdy(qfx, y)) - Similarly 
(1) 8. Vxdy(p[x, y]) A Vxdylq[x, y])) Prop 6,7 
9. Vxdy(p[x, y} 4 alx. ¥ 2 > (Vaiy(pfx, y]) A 
iealy(qlx, y))) Discharge 8, 1 


Notice that the application of QX3 in line 6 varies x which occurs free 


inline 3, This is’ valid because lirie 5 does not have the constant k. If 
steps 5 and 6 are done in reverse order, i.e., Vu(p[x, k]}) and then dy¥x(p[x, y |), 
the result is not valid. 


The validity of Rule C depends on the fact that any conclusion not con- 


taining the new constant names can also be derived from a demonstration not 


using Rule C, as the following theorem shows. 


Theorem 7.11 (Elimination of Rule C) 


If Tra using several applications of Rule C, and @ does not contain 
any occurrences of the constants introduced by Rule C, then Tra@ without using 
Rule C. . 
Proof: We shall prove the theorem for the case that only one application of 
Rule C is made in the deduction, and let the reader extend the proof. 

Let line (i) be obtained from line (j) in the deduction by Rule C, 
where line (j) is 2§(8), and line (i) is B(y[]/5), ando is anew constant. To 
show that Tra without the use of Rule om we shall show that this is true for 
each line in the deduction which is dependent on line (i), does not contain 
the constant ¢, and is the first line in its dependency path going back to line 
(i) not to containg, Let these lines be the formulas y, thruy,. If Try , 
without Rule C for each such y, the conclusion follows. | 

_ It is obvious that T U (B(y[ V5} -¥ without use of Rule C. We can apply 
the deduction theorem here because we have explicitly stated that no variable 
occurring free in B(g[]/§) may be varied in any line containing occurrences of 
~. Therefore, TrB(~[]/§)->y¥. Now take any such deduction, and replace 
every occurrence of ¢{] in it with a variable € not occurring in either T or this 
deduction. The deduction is still valid, and its conclusion.is A(€/§)> y. By 
Q4 we get 20(A(C/5)) > y. But 4§(8) is already provable in T, and so by some 
changing of variables and modus-ponens, we get Try. 

Note: We did not consider the possibility that y depends on A(p[]/§) by 
two different paths, and that it has two immediate antecedents, and is the first 
formula in one path not to contain gy, but the other path has been free of ¢ for 
some time and may have varied some of the variables of B(g[]/§). But the 
only rule of inference to have two antecedents is modus-ponens and if the 
conclusion of modus-ponens has no 9g, then either both or neither of the ante- 
cedents have @, and so the situation does not arise. 


Theorem 7.12 (Constant Extensions) 


If T © L is a consistent theory, @ is a formula in L containing only § 
free, and @ is a O-ary function name not in the vocabulary of L, then 
T J {9§(@) > a(y[]/§)} is a consistent theory, and if 8B € L is provable in this 
theory, then 8 is also provable in T. 
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Problem Set 25 


1. Prove theorem 7.12. (Hint: You will need as a lemma }4§(a > 
B) > (a > 3§(8)) when @ has no free §. The method of proof is similar to the 
proof of theorem 7.11.) - 

2. Why isn't theorem 7,12 valid if 1£(a) is not a sentence? 

3. Theorems 7.7 and 7.8 state that: 


(i) a = Bry 36 
and (ii) T, = Toko 3 B 


where (i) 6 derives from y by replacing some occurrences of @ with 8, and 

(ii) 8B derives from @ by replacing some occurrences of T, with T,. If these 
theorems are applied to dependent lines in a proof making use of the deduction 
theorem, then it is important to know which variables are varied in the , 
deductions symbolized by "F"' in lines (i) and (ii) above. This is so that no 
conditions of the deduction theorem are violated. Precisely which variables 

- are varied in these deductions? Why is line 8 of the deduction following 
theorem 7,10 valid? | | 
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CHAPTER EIGHT a 
FIRST ORDER LOGIC - COMPLETENESS | 
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$8.1. Completeness 


The completeness theorem is simple to state, but lengthy to prove. 
We want to show that if T ko, “then Tra, It turns out that. if, we can show. that 
‘every consistent theory has a ‘model, then the “completeness, theorem follows 
almost immediately. So given a consistent “theorem T, we want to obtain a 
model for it. Since we have to do this in the abstract, i.e., for any, theory, 
the only stuff we have available for the purpose of building a model is the _ 
vocabulary of the theory itself. To further’ comnplicéte thatters, there is no 
unique or canonical model. for most theories, ‘s6'the etivice must be somewhat 
arbitrary. The program is roughly.as follows: aaa 7 
(i) We show that more constants can be added to the language of the 
theory so that there is a name for every object that the theory aseérts- must — 
exist. et gyestae ' 
_ (ii) We next extend the theory arbitrarily until it is complete... 

( iii) We then show that there ig a.get-of terms, in the enlarged: language 
that serves as the domain for a model in a fairly natural way. This model, 
with the extra names thrown away, is a model for the original theory. 

The completeness theorem was first proved Jby Gbdel.. The present 
proof is derived bys method first used by "Henkin, 


Lemma 8. 1 (Lindenbaum's Uemma)® 
ee ee nS ae eee ght RREE OE ET, S 


Every consistent theory has a consistent complete extension. 
Proof: Given TC -L, a consistent theory. | Let i "2! tee be all the! sentences 
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of L. Let Tp be T, and T,,, be T, U fa..43 if a, is independent of Ti 
otherwise let T, i+1 be the same as T;. Let T* be the union of all the T;. We 
show that each T; is consistent by induction on i. To is consistent because 
itis T. Assume that T, is consistent. If T,41 is the same as T;, then it is 
consistent. If it is not the same, then T,,, is T,.U {a,,4/. where a@,,, is 
independent of T;: If T, 41 Were inconsistent, then anything could be 
deduced from it, and in particular T, 4° i+’ 8° by the deduction theorem, 
Tyra, > G4, OF T,Rr@., which contradicts the fact that a. i+] 
ent of T.. So all the T are eae and therefore T* is consistent because 
any eontrediction in T* would also be contained in some sufficiently large T;. 
To show That T* is compiete, let 8 be any formuja in L. Then its iniveseal 
closure is one of the a. If a, is independent of Tye then a. € Ty so in any 
case, @. is provable or refutable in T, and hence in T*, and so is 8. 


is independ- 


Definition 8.2 


A ground term is a term with no variables in it. A ground formula 
is a formula with no variables in it. (A ground formula is always a sentence, 
but not all sentences are ground formulas. ) 


Definition 8. 3 


A theory T © L is a Henkin theory if there is at least one ground term 
in L, and if whenever 4&(a@) is a sentence that is provable from T, then there 
is a ground term T in L such that Tra(t/§). . 


Lemma 8,4 


If TC L is a consistent theory, then there is an extension T* of T in 
an enlarged language L* which is a consistent complete Henkin theory. 
Proof: Let To be T, and Lo be L. Let k,. y for i21 andj 21 bea set of 
constants not in L, Given the language L,, we define the language Liga by 
adding the constants a v kid, g* +++ to it. Given the theory T, c cn 
we define the theory Ti, cL, +1 by enumerating all the sentences of L; having 


only the variable x ieee (let this enumeration be a@ iw’ a i,2°° -) and adding to 
T; all the sentences of the form @x(@, iy i Kid, ;/*) ‘for see Pe Pa eee 
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Let L* be the union of the L,, and T, be the union of the T;. Tis 
consistent because it is derived from T by adding a great many new formulas, 
each one of which is a consistent extension by thearem 7.12. Let T* bea 
consistent complete extension of T. by lemma 8.1. To show that T* is.a 
Henkin theory, let 3&(B) be any sentence of L*. Let I, be the least language 
of which it is a member. Let &(y) be an equivalent formula by change of 
i+1, ;/*) isa 
ivy? and Wievetoxe: T*. So if 3§(B) is provable in T*, then so is 


Blk, ne j/ §) via several operations on bound variables. _ 


bound variables. Then ¥ is a. . for some j, and 4x(¥) > y(k 
member of T 


Lemma 8,5 
A consistent, complete Henkin theory has a model. 


Proof: Given the theory TCL, let D be the set of ground terms in L, but 
underlined. (If g{h{]] is a ground term in L, then gfh{jj € D.) . D is non- 
empty because a Henkin theory always has at least one ground term. Let ~ 
be an n-ary function name in L. We define the function p to interpret ~ as 
follows. IfTl,...,Tn are objects of D, then (Tl,...,Tn) is the object 
g(Tl,...,Tn]. Let y be an m-ary predicate name in L; then we define p(T1, 

.»Tm) to be true if and only if Trpji,, aa s%s Tale This defines a model in 
L. Call it M. : 

To show that MFT, we shall prove that if a is any sentence in L, then 

Tra if and only ifMfa. The proof is by induction:on the-total number of 
logical connectives and quantifiers in a, Induction basis; If there are no 
quantifiers or logical connectives in a, then a@ must be a ground atomic 
formula. Then Tra if and only if Mfa@ from the definition of function and 
predicate interpretations in M. Induction step: (i) Lf is “8, then if Tra, 
then § is not provable in T because T is consistent, and hence not satisfied by 
M by the induction hypothesis. So M ka. If M ka, then M does not satisfy 
8, and 8 cannot be proven from T. Since T is complete, Tra. (ii) The rest 
of the logical connectives are left as an exercise. (iii) If @ is the sentence 
4§(8), then if Tra, there is a ground term T such that Te A(r/ &) because T is 
a Henkin theory. The sentence A(r/§) has one less. quantifier than @, and so ~ 
by the induction hypothesis MkA(r/§). Therefore, -Mi8(8). Now suppose > 
that MEZE(8), Then M,If8 for some I interpreting € as an object in the 
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domain Dof M. But this object r is an underlined ground term, and given 
the special way M was defined, M kA(+/§). By the induction hypothesis, 
TrB(r/€), and so TraE(8). Gv) The V case is left as an exercise. 


Theorem 8.6 
Every consistent theory has a model. 


Proof: It has a consistent, complete Henkin extension in an enlarged language 
by lemma 8,4. By lemma 8.5, this theory has a model. Then removing 
the interpretations for the new constants from this model gives a model for 
the original theory. (See problem set 20, No.2.) 


Theorem 8.7 (G&del's Completeness Theorem) 

If Tka, then Tra. 
Proof: (If @ is not a sentence, consider its closure.) © If T ka, then TU {na} 
has no model, Therefore it is inconsistent by theorem 8.6. So anything can 
be proven from it. In pafticular, T U {>a)}hra, and-so by the deduction 
theorem Trrna >@, or Tra. 


Theorem 8.6 (Compastness. Theorem) 

If T is riot eatisfiable, then there isa finite subset of T that is not 
satisfiable, 
Proof: By theorem 8.6, if T is not satisfiable, then it is inconsistent. The 
demonstration of inconsistency must come from finitely many formulas of T. 
This finite inconsistent sub- theory has no model ney corollary 1. 5. 


Theorem 8. 9 (Skolem-LUwenheim Theorem) 
If a theory haga model, it hasa countable model, 


Proof: If the theory has a model, then it is consistent by corollary 7.5. If 
it is consistent, then it has a model (theorem 8: a which: is countable wes the 
method of proof of:lemma 8.5. : : 


The reason for producing these results in such rapid succession is to 
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demonstrate how many of the significant properties of first order logic follow 
from one central argument. 

The completeness theorem has several useful interpretations. One 
of these is that first order deduction is strong enough to derive any conclusion 
which is valid. When we put completeness and consistency together, we have 
Tra if and only if T ka. Therefore, the limitations of first order logic are 
linguistic. If a certain formula @ cannot be derived from the theory T, it is 
because there are models for T in which @ is false. “ae Tis supposed to 
describe some model M in which @ is true, then it evidently is not a complete 
description of M. “ . : 

The completeness theorem allows us to assert many facts about 
provability without producing constructive proofs. Instead, we argue the 
case that something semantically follows from some theory, and then assert 
its provability from that theory by using the completeness theorem. 

On another level, the completeness theorem in the form of theorem 
8.6 provides a, criterion for the existence’ of mathematical entities. If we 
invent some set of postulates, when is there a mathematical entity to which 
they apply? If the postulates can be formalized as a first order theory, then 
it is sufficient that they be consistent in order for there to be a model for 
them. Lemmas 8.4 and 8.5 show that consistent language, suitably extended, 
provides its own model or subject matter. 


$8.2 Equality 

We return now to the problem. of equality.  In-96.3, a set of axioms 
Ey, for the equality predicate was proposed. In $7.3, it was proven that EL 
is sufficient to prove the equivalence of fornralus containing equal terms. [n_ 
this section, we consider the model theoretic aspect of equality. From now 
on, we shall assume that any theory in a language containing the predicate "=" 
is an equality theory (has E, as a subset) unless we state otherwise. 

In $6.3, we discussed a theory that ’had only infinite models. Is 
there a theory that has only finite models? © Cénsider the theory: 

Ey, 


Ixdy((x # y) A Vatu = 2Vy = 2) 
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Intuitively, this theory seems to say that there are exactly two different things 
‘that exist. It is satisfied by a mode] containing 0 and 1, with 0 #1. But it 
is also satisfied by the model whose domain is the integers if we interpret "=" 
to mean "congruent mod 2", There is nothing in the theory that prevents such 
an interpretation, although this is not the standard. interpretation of rem 
Furthermore, there are no axioms that can be added to the theory that would 
eliminate such interpretations. 


Definition 8.10 


If Lis a language with equality, then a normal model in L is a model 
in which the interpretation of ''="" is that any member of the domain of the 
model is "=" to itself and not "=" to any other object in the domain. 

Clearly, any normal model for the two object theory must have 
cardinality 2. So there is an advantage to considering only normal models, 
Since these are the ones we want anyway. The validity of this approach is 
confirmed by the following theorem. 


Theorem 8,11 


If T is a theory with equality, and M is any model for T, then there is 
a normal model M* which is first order equivalent to M. | 
Proof: In the model M, there is an interpretation for the predicate name '"'="' 
which we shall denote by the symbol "~". Since "~' satisfies the first three 
axioms of E, , it is an equivalence relation on the:domain D of M, and 
partitions D into co-sets. If d€ D, then we denote the co-set of all elements 
of D which are ''"~" todas [d]. The set of all such co-sets will be called D* 
and is the domain of the normal model M* that we seek... We define function 
interpretations in M* by the following equation, where. pis the interpretation 
of 9 in M, and@ is the new interpretation being defined on D*. 


Bld, L.- +. {4,) is (Old, ..-.4,)) 


That this is a consistent definition independent of the particular elements 
chosen to represent the co-sets follows from the fact that in the model M, the 


interpretation ~ of 9, and the interpretation "~" of "=" must satisfy axiom 
schema (iv) of E, and therefore if d, ~e, for 1 in, thenQ(d,,...,4.) ~ 
L i i 1 n 
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Be, asete ave e,) and so fold,. Seed 1)! is the same co-set as fole,. coe mar 

The interpretation ZB ofa predicate name #, is derived from the jnterpretaiion 
rs similarly, and the consistency of this definition foliaue from axiom schema 
(v) of E, . _ a 

To show that M ~ M*, oe a be any formula of L, and: I an.interpreta- 
tion of the variables of @ into D. Define the interpretation Tk by P*€€) = 

[1( g)). Then show by induction on the logical connectives: and quantifiers of 
a that if 8 is a ‘subformula of @, then M, kA if and only if M*, I* KB, 


From now on, when we speak of a model dp, a language with equality, 
we shall mean a normal model unless we explicitly stete otherwise. 


e. 
a 


~ Problem Set 26 


(All languages and theories have equality, and ‘all models are normal. ) 


Le. Specify a theory having infinite models, and finite models of cardin- 
ality 3 xn for every n2z1, end aad no finite models whose cardinality is not 


.&@ multiple of three. 


2. Specify a theory having models of cardinality p for every prime 
number p,' and no other finite models. — 

3. Prove that if a theory has arbitrafily latge finite models, that it 
must have infinite models. (Hint: Use the compactness theorem. y | 

4, Prove that if'a consistent theory is éomplete, all models for it 
either have the same finite dardinality, or elae # they are all infinite. : 


$8.3 The Skolem-Ldéwenheim Theorem 


This theorem was known early in ‘thig, century efor the. completeness 
theorem was proven, It then, had to have a proof. that Mid not depend on 
deduction at all, but was entirely model-theoretic. in nature, although the 
term "model" was-not used until somewhat Jater.. . 

If we consider a logic: with equality,, then, the Sxqlem-LBwesheim 
theorem states that every satisfiable theory. has a finite or countable. dnormal) 
model, This is rather puzzling becauge we can formalize the theary of real 
numbers in first order logic. This theory at first, sight.geems to require a 

model containing at least all the real numbers. ..When we study the axioms, 
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we find that they require the existence of all real roots of polynomials, and 
all real numbers defined by limits or integrals such as 7 or e or logarithms 
or Bessel functions. The theory even asserts topological closure properties 
such as that every non-empty set of real numbers bounded above must have a 
least upper bound. How then can this theory have a countable model? 

This is known as Skolem's paradox, and the problem seems to lie 
either in our naive assumption of the absolute notion of "uncountable", or in 
the limitations of symbolic language to discuss what really exists. _ (You can 
take your choice.) The fact is that if we take a "description" to be a piece 
of writing of finite length composed of discreet symbols from a finite alphabet, 
then the set of all potential descriptions is countable. So regardless of what 
we consider to be acceptable or well-defined descriptions, we can only des- 
cribe countably many real numbers. We then find that every number that we 
describe and look for really is in such a countable model, including, for 
example, the values of definite integrals which we know exist but cannot even 
compute, | 

If we believe that there really are ''many'' more real numbers than 
rational numbers or integers (and most mathematicians since Cantor act as 
if they believe this) then we must accept the situation that "most" real 
numbers are inaccessible to description in any manner, However, Skolem 
suggested that perhaps the notion of uncountable is relative to one's language, 
and that there are uncountably many real numbers in real number theory 
because there is no one-to-one correspondence possible between the real 
numbers and the natural numbers within the theory. But viewed from outside 
the theory, such a correspondence is possible as his countable model shows. 
Viewed this way, "uncountable" refers to our inability to "count" or specify 
an enumeration, rather than to the large size of a set. | 

This situation is further dramatized by the fact that it is possible to 
axiomatize set theory in first order logic. The Von Neumann-Bernays-Gudel 
(NBG) set theory has a finite number of axioms (see (Mendelson, Chapter 4]) 
and purports to be about sets of arbitrarily high cardinality and "classes" 
which are even bigger than sets, such as "the class of all sets". If NBG is 


consistent, then it has a countable model.! If it is not consistent, then 


1 That is, if one is willing to accept the fairly conservative portion of classical 
mathematical reasoning used in the proofs of 8.1 thru 8. 5. 
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methods of reasoning used as a matter of course by mathematicians in all 
different fields are called into question. _ 

Philosophically, one may believe that all the entities of mathematics 
are given a priori, but that our language has difficulty dealing with them, or, 
if like the intuitionists one restricts one's belief to those things that could at 
least potentially be written, then one may take all the higher infinities to be 
mere semantic constructs. There is current research [Yessenin-Volpin] 
which attempts to prove that axiomatic set theory is consistent from an 
"ultra-intuitionist" viewpoint that believes in nothing it cannot see. It is too 
early at this time to evaluate this work. . 
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CHAPTER NINE 
FIRST ORDER LOGIC - ADDITIONAL TOPICS 


Preview of Chapter Nine 

This chapter is a collection of several topics not all of which are 
sequentially related. The only one of these that is a necessary prerequisite 
for subsequent parts of this book is $9.1 which is the study of formal 
definitions. . 

The system we have been studying so far is known as Hilbert-type 
deduction. It is characterized by straight line proofs. Within the past 
decade, research in automated theorem proving has been dominated by a 
radically different approach known as resolution. §9.2 thru $9.4 are about 
resolution and its prerequisite topics. %9.5 is about still another form of 
deduction known as a Gentzen-type system. 

In $9.6, we return to the Hilbert-type system which we shall use for 
the rest of this book, and discuss the question of decidability of theories. 


89.1 Definitions 


When a formal theory is presented as a set of axioms T in a language 
L, it is usually necessary to make definitions as we proceed to develop the 
theory, for if we have to describe advanced concepts in primitive terms, the 
length of the formulas we must use to do this becomes explosively long. We 
shall have some examples to illustrate this later. 

The main questions that we want to consider in this section are: How 
do we make definitions that do not add anything to the basic assumptions of the 
theory? How do we know that the theory is still consistent after we add 


-98- 


definitions to it? If the theory was deSigned to fit some model, how do we 
know that the definitions don't alter this? 


Definition 9.1 


Let TC L bea theory, and Ty c Ly be, an extension to T.. We say that 
T, is a conservative extension of T if whenever T,ra anda@e¢L, then Tra. 


A theory is consistent if and only if every. conservative extension of it 
is consistent, | = 

The easiest sort of definition that we can make is to replace some 
commonly occurring term by a new function name, or some. commonly 
occurring formula by a new predicate name. 


Rule X (Explicit Definitions): 
An explicit definition is a line in a proof having the form: 
on Pee 
or viS,. ee +0 Say) @ 


where @ is a new function hame and? is a term having no 
variables other than the §. or Pisa new predicate name and 
@ is a formula having no free variables other than the §.. 


The restriction on the free variables occurring in T or @ is necessary 
to avoid definitions that are ambiguous and have céntadictory instantiations. 
For example, if we défine f[x] = x+ y, then: two instances of this are £[0} - = 0+0, 
and f[0] = 0+1, from which we can deduce 0 = 1. Or if we define pix] = 
(x > y), then we have p[2] #(2>1)2(2>3)orT * F. 


Theorem 9.2 | = 


If Ty — Ly is an extension of T © L by Rute X, then it is a conservative 
extension. Furthermore, if M is any model in. L that satisfies T, then there 
is a unique expansion of M in Ly that satisfies T;- 

Proof: Let M be a model in L that satisfies T. if ¢~ is a new function name 
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in L, introduced by Rule X, then we define ad, pesegd ® for any elements d, 
in the domain of M by letting this value be VOM, I,T) where Tis the defining 
term in Rule X, and lis an interpretation of the variables 55 into the d, 
respectively. Any other way of defining @ would not satiefy: the defining 
equation, and so the expansion of M is unique. If the extension is by way of 
a predicate name #, then we define o(d v :.,d Se to be true if and only if 
M, Ika, where I interprets the 5 which are he. only free variables in @ into 
the d. respectively, ‘and this exparision is. algo unique. ore 

Suppose T, ka anda é€ L. Let M be any model for T. M has an 
expansion that sauenice T, and therefore satisfies a. Since a € ey the con- 
traction of M, to M also satisfies a. Since this is true for all M that satisfy 
T, we have Tka, and by completeness, Tra, S6 T is a conservative 


extension of T. 


The uniqueness quantifier a 1° means: “There exists exactly one § 
such that...." It is not a new iogteat’ concept, but merely an abbreviation. 
The formula “a, 8a) is an abbreviation for 45(@ A VE(a(E/5) > = §)),. where ¢ 
is a variable not occurring ina. This,notation is used only in languages with 
equality. | | - 

If the formula @ la) has any the variables . thru a free, and the 
(normal) model M natiaiies it, then for every. choice of d, hed q, in the 
domain of M, there must be exactly one dg 1 Such, that if: I interprets 
cy ee ty § into d, thru d nel respectively, then.M, Ika. This defines a | 
n-ary function on the domain of M. 


Rule F (Function Definitions): 


In a deduction in a theory with equality, if line (j) is 
a, &¢ a) and has only Gy thru t, free, then we may derive as. 
‘ike (i) awl, eel, V8) where is an nrary function name, 
and the justification for line (i) is "Rule F i". where j < i.. 
PD cps 
Theorem 9.1 
If TCL, Tra, S(a), @ has only the variables § and the C; free, Pisa 


new name, and T, is TU {a(pit,. as o)/ €)}, then T, is a conservative 


1 
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extension of T, and if M is any model that satisfies T, then there is a unique 
expansion of M that satisfies Ty. 

The usefulness of definitions comes from the uniqueness of their 
model expansions, which is a much stronger condition than that the definitions 
are conservative extensions. It not only guarantees consistency, but means 
that the theory being developed is still applicable, to the original model. 

A strong proof- theoretic property of definitions is. that. they are 
eliminable. This means that every formula in the extension can be effect-. 
ively mapped onto a formula of the original. language in a manner that 
preserves provability. So anything that can be said in the extended language 
can be said in the original language, although it may be of prohibitive length 
and therefore not a practical thing to do... Proving the effective elimination 
of Rule X definitions is easy, Proving the effective elimination of Rule F 
definitions using proof ~theoretic techniques is quite complicated combina- 
torially. It is’done in [Kleene $74). 

The following examples show how rapidly the process of definition can 
proceed, The theory Ni is the classical theory of natural numbers whose 
axioms we do not specify here. The theory is stated in the language 
{=,0, 4+, %}. 


1. (m<n)# Ip(m+p. =n) Rule X 

2. (m 2n) = 7(m < n) > Rule X 

3. prime[m] * rApig(o’ < .P Ap<mA 
p*q=m)/A0 Rule X 

4. G p(n = =O0>ps0)A e <n> (This is now 
(nxp<mAnxp2m))) —— provable. ) 


5. (n= O>min=0)A(0<n> 
(n x (m,=n)<m Anx 
(m +n)’ 2 m)) Rule F 4 


This definition of division is peculiar, - The reason is that Rule F 
only allows us to define total functions. In order to make division total, we 
have to arbitrarily define division by 0, it daegn't matter how, The second 
part of line 5 is the useful part, and it cannot be.uged to. Rrove any properties 
of division by 0. 

This brings up an n interesting palit, which { is that. the models of first 


a: 
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order logic always have total functions. This does not mean that we cannot 
model a subject that has partial functions. It does mean that if we provide 
axioms that do not completely specify a function, then we may expect the 
theory to be incomplete, and to be: satisfied by all models that complete the 
partial functions in all possible ways, — 

‘To put this differently, suppose we had eet as an axiom of N 
the formula 0< n2(nx(min)<m‘AnxX(min)' 2m). This defines divis- 
ion except by 0. _ It allows us to prove all the ordinary results about division 
that we would like to prove, but formulas such as m + +0=00rm:0=1 will 
be independent of this theory. We may choose to use this approach because 
it is distasteful to make arbitrary choices that are not necessary. 

We now introduce additional definition schemas to define functions and 
predicates by cases, and to define partial functions and predicates. It is 
important to ‘know whether a given function or predicate has been introduced 
as total or partial. The rules X and F already specified, and the rule K 
that we give next define total functions. the rules PK and PF ‘define partial 


functions, 


Rule K (Definition by Cases): 
The definition schemas: 
cal 2 vI5,. oeoe su! nih | 
% 7 ¥IS,,-6-,5,) 8 oe 
and 
Y, PlS,.---.8 = 7, 
Ye POLE ye oes Bal = Hy 
are justified when (i) » or g is a new name, (ii) the T have no 
variables other than the § ru and the a and Y; have ‘5 free 
variables other than the c. (iii) THUY, A 7”) for i< j<k, and 
(iv) THY, Vince ¥ Y) If all previously defined function and 
predicate names used in such a definftion are total, then the 
new function or predicate name is total. 
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Rule PK (Partial Definition by Cases): 


Same as Rule K except that condition (iv) is not required. 


Rule PF (Partial Function Definition): 


If Try > 4, §(a) where the only free variables in this 


formula are o thru Cn. and ~ is a new function name, then: 


¥ Dalley. -.++€,1/8) 


is justified, and defines a partial function. 


Problem Set 27 


1. Prove theorem 9. 3. 

2. Prove that all total definition schemas imply unique model cxten- 
sions, and that all partial definition schemas imply the existence of model 
extensions, and that all these extensions are conservative. 

3. Critique the following proposal for an "ambiguous function" 
definition schema: If Trd§¢@), and the only free variables inh this formula are 
Gy thru Cn and @ is a new function name, then define @ by a(pt,. sass .€ 1/8). 


§9.2 Herbrand's Theorem 
Definition 9. 4 


A sentence is called a prenex normal form sentence if it is 
Qt at Qnen'®) where each Q; is either V or @, the m are distinct variables, 
and q@ has no quantifiers. 


Theorem 9.5 


Every sentence is equivalent to a sentence in prenex normal form 
having the same function and predicate names. 

If T is a theory, then Th(T) = Th(T, ) where qT, is a set of prenex 
normal forms equivalent to the closures a the formulas in T. 
Proof Sketch: To put a sentence in prenex normal form (i) eliminate "#" by 
(a = 8B) #(a 2B) A (B> a@), (ii) eliminate "om" by (a > 8)” (ra V B), (iii) change 
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variables so that every quantifier has a distinct variable, (iv) move the 
quantifiers outward using transformations such as V§(a@) * 9§(-@) and 
a Vv VE(B) *¥&(a VB), These are all equivalences, (Note that in the last 


formula, @ has no free &. Why?) 


Herbrand was trying to solve the fundamental problem of first order 
logic, which is to determine when a formula @ is a member of Th(T), by 
purely proof-theoretic techniques. As part of this program, he showed how 
a theory could be expanded into a form in which there were no quantifiers. 

Given the theory T, we have the equivalent theory Ty in prenex 
normal form. Let Q,54° : -Q,5,(@) be a sentence of this theory. | If Q, is 
universal, then it can be dropped by rule QX3,_ If. it is existential, then we 
can drop the quantifier and make the substitution {]/5, in the manner of 
problem set 27, number 3. _ In either case,. we. have ites rid of the first 
quantifier. This process can be repeated for. each quantifier.in turn, merely 
dropping the universal quantifiers, and substituting ambiguous function names 
for the existentially quantified variables. If 5 is existentially quantified, 
then it will be replaced by oF sida i) where: pr oe are the universal 


quantifiers to the left of Q; in the original formula. For example: 
Vxd y¥2d wi p[x, flys w]e 2.:efys 21) 
becomes 


p(x, ffhl[x], h2[x, z}], z, gf{hl{x], z]] 


where h!1 and h2 are new function names. They are called Herbrand function 
names, 

This process can be done for an entire theory T,i in prenex normal 
form producing the open theory T,. From the previous | discussion it should 
be clear that T, U Ty is a conservative extension of Tye and that if M is a 
model for Tye then there is an expansion of M that satisfies To: This 
expansion is not necessarily unique, Conversely, any model, for qT. can be 
contracted to a model for Ty: therefore T, ‘is satisfiable if and only if Ty, is 
satisfiable,. 

Let Lo be the language of T,. It is the language of T (and T,) 
together with all the Herbrand function names. Let H be the set of all 
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ground terms in L,. We add one constant to Ly if necessary to make sure 
that H is not empty. 

Let T, be the set of all ground instances of T, (lf @ is an open 
formula in T, having distinct variables 5, ‘thru c ce in, t thru hare in H, 
then a(h, /8,, ee «| oe ) is a ground iaatance of ‘a ) If Te is satisfiable, 

‘then shvisuely T, is satiafiable, ‘The converse is also true, but needs a. 
proof, which we supply presently. 

When we look at the formulas of Ts, we see that not only are there no 
quantifiers, but there are no variables either. A formula in T, is simply a 
logical compounding of ground atomic formulas. If we view each distinct 
ground atomic formula as a distinct propositional variable, then we can 
regard T, as a theory of propositional logic. If Ts is satisfiable as a first 
order theory, then it is also satisfiable a8 a propositional theory by allowing 
a first order model to supply truth values for each ground atomic formula. 

Conversely, if T, is satisfiable as a propositional theory, then it is 
satisfiable as a first order theory. To show this, let M be a propositional 


model for T We define the model M’ on the domain H of ground terms by 


definlte cued interpretations in the same manner as in lemma 8.5, 

i.e., O(h,,-..,h,) is the term gfh,,...,h,]. We define $(h,,.--,h,) to be 
true if and only if M Feth,. eas Hed This defines M., and a ‘fT because it 
produces the same valuations on ground atomic formulas as does M. 

M’ also satisfies T, because if @ € To. then a is an open formula, 
and if I is any interpretation of the variables of @ into H, then M, Ika, 
because the corresponding ground instance in T, is ‘also satisfied by M’. 

(This sort of argument can only be used when we already know that the 
language has a ground term to express every object in the domain of the 
model. The situation is similar in some ways to lemma 8. 5.) This proves 
that T 


is satisfiable if and only if T, is satisfiable. 


2 3 


Theorem 9.6 (Herbrand's Theorem) 


Suppose that T is an inconsistent theory. This fact can be demon- 
strated in the following way. Let T, be the prenex normal form for T. Let 
T, be the open theory obtained from 7, by dropping quantifiers and intro- 
ducing Herbrand function names. Let Ts be the set of all ground instances 
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of Ty (making sure that H is not empty). Then there is some finite set of 
formulas in Ts whose conjunction is propositionally inconsistent. 

Proof: If T is inconsistent, then it is unsatisfiable by the consistency theorem. 
If T is unsatisfiable, then T,, T, and T, are unsatisfiable as noted in the 
preceding discussion. Then Ts is propositionally unsatisfiable. By the 
compactness theorem for propositional logic, some finite part of Ts is 
unsatisfiable, and by the completeness theorem for prepositional logic, the 
conjunction of this finite set of formulas is inconsistent propositionally. 


This proof would not have been satisfactory to Herbrand. The state- 
ment of the theorem makes no reference to models, and can be proven using 
only finitary proof-theoretic methods. Such a proof is given in [Herbrand, 
p.168]. The proof is complicated and has error which has been corrected by 
subsequent logicians. (Herbrand's paper was presented as.a thesis at the 
Sorbonne in 1930, In 1931 Herbrand was killed in an alpine climbing 
accident when a piton came out. He was 23 years old.) 

If we can demonstrate inconsistency, then we can also demonstrate 
provability because T U [n@ } is inconsistent if and only if. Tra. The insight 
of Herbrand's theorem is that in all cases only a finite. amount of model con- 
struction effort is necessary to show that no model can be. built for a theory. 
This suggests an entirely new approach to creating demonstrations than the 
Hilbert-type system, and Herbrand's theorem is the "completeness" theorem 
for this new type of demonstration. This idea will be expanded in $9. 4. 


$9.3 Substitution and Unification 


The theory of substitution and unification is part of the theory of 
resolution developed by fRobinson]. It is interesting enough in its own right 
to be presented as a separate topic. Itis perhaps part of the answer to the 
question: What is the equivalent in the theory of symbolic processing to the 
number theoretician's interest in factoring, least common multiples and so 
forth? . | 

Before we can perform the operation of substitution, we need some- 
thing on which to do the substituting. We could develop the theory of substi- 
tution on s-expression but, instead, we shall do it the way Robinson does it 
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so that nothing needs to be altered for $9. 4, 


Definition 9.7 


A literal is either an atomic formula or else it-is a negated atomic 
formula (i.e., an atomic formula preceded by."'"—-"), A clause is a finite set 
of literals. Literals and clauses that do not have variables are called 


ground literals and ground clauses. 


The ale iarn of a clause that we shall use in 59. 4 is the dis- 
junction or "or" of its literals. The idea of a set of literals rather than a 
sequence is that a set does not specify an order for its components, nor is it 
meaningful for an element of a set to be a member several times over. 

This is a useful condensation of the associative, commutative and idempotent 
properties of ''v", A clause can be represented by the usual finite set 
notation which is a list of elements enclosed by braces and separated by 
commas, 


Examples of Literals: 


pix, y] | — aa(x, fly, efx y}) 
ap{k[]}, jf] r[x, (A B C)] 


Examples of Clauses: 


fapixy] rix (ABC), —a[x, fly, gfx, y]]]} 
{x+y =3, 1+2# 3} 


Definition 9.8 


A substitution component is an expression of the form "7/&" where T 
is a term and § is a variable, andr#§. Its meaning is "substitute 7 for all 
occurrences of §,"".- A substitution is a finite set of substitution components 
such that each Fr is distinct. Its meaning is "substitute each T for all 
occurrences of its §,. '' This is a simultaneous substitution. 

If C is a clause, and @ is a substitution, then C@ is the clause resulting 
from performing @ on C. For example, if C is {p[x, y], salfty]}). and @ is 
{g[z]/x, f[x]/y}, then C@ is {p[g[z], f[x]], aq ([f{f[x]]}}. The notation C@A means 
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the clause resulting from first performing @ on C, and then performing A on 
the result of this. This is a "postfix" operator style of notation which has 
the advantage that the operations get performed from left to right. 


Definition 9.9 


If @ is the substitution {r, /§ prseety / Sh } and A is the substitution 
{o [Byer DIE }, then the composition of @ and A, written @A, is the sub- 
stitution defined as follows: Let A’ be the set of all components of A except 
those for which FF is one of the g's, Let @’ be the set of all components of 
the form Tf, iA/§; nove T iS, is in @, and 7 A is the result of performing A on T. 
except howe ounes wiéte TA is g in which case TA/ 5 is not a substitution 
component. Then a is defined to be the union of the’ sets 6’ and A’, 

This definition of composition of substitutions is not commutative 
because it is intended to produce the substitution which is "first do @, then do 
A". If the T's replace all occurrences of the §'s and then A is performed, 
they will get changed into TA's. Thea, ALF components can act on the original 
text only when + is not one of the §'s. Howaier: even if they get thrown out 
they still have an effect in defining the TAL§ eomiponents. For example, the 
composition of {f[x]/x} with itself is {f[f[x]]/x}. 


Corollary 9, 10 
For any clause C, and any substitutions @ and A, (C@)A = C(@A). 
For any substitutions @, A and, (6A) = (Aw). (Substitution is 
associative. ) - 


The set of all substitutions form a semi-group, with the empty substi- 
tution as identity. | 


Examples of composition of substitutions: 
{x/y]} {x/y, y/x} = {y/x} 
{x/y, y/x} {x/y} = {x/y] 


{glx, yl/x, bly, 21/ } {f1Ly]/x, f2 £3 } = {g{fily], f2 
BELAY nn [x]/z} = {glf1 ly], f2[z}]/x, 


gre 3 x m/n} {n2 - 3/m} = {n? +2/m, 3 x (n? - 3)/n} 
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Definition 9.11 


A finite set of literals is called a singleton if it has exactly one 
element. If C is a finite set of literals, and-C@ is a singleton, then @ is said 
to be a unifier of C. @ is a most general unifier of C if it is a_unifier of C, 
and if for every A which is a unifier of C, A.= @ for some4. 


Not every set can be unified. A necessary. but not sufficient condition 
for a set to be unifiable is that either all literals begin, with ''7"" or else none 
of them do, and that they all have the same predicate name. At the opposite 
extreme, if a set is already a singleton, then every substitution is a unifier 
of it, and the empty substitution is its most general unifier. 


Examples; | 


{p[3], p[5]} cannot be unified. 

{p[3], p{x}} has most general unifier {3/x}. 
{p{x], plfly]]} has most general unifier {f[y]/x}. 
{p[x], p{f[x]]} cannot be unified. 


falfly], x), afx, fz) has most veneral unifier {ffy]/x, y/z} or 
f[2}/: x, z/y 


The unification algorithm is an effective process for finding the most 
general unifter of a sét' of literals if it exists. “The algorithm as given does 
not work for clauses containing infix or postfix operators or other relaxations 
of grammar, and we do not attempt to change this. 

Let C be a finite set of literals. The disagreement set D of C is the 
set of all well-formed terms or formulas that.begin-at the first symbol 
position at which not all of the literals of C.agree. We can think of a cursor 
moving character by. character from left to-right on all the literals'in C and © 
stopping as soon.as:there is any discrepancy between any two literais. We 
then copy the smallést well-formed term or formula that starts at each 
_ cursor position, and this is the disagreement set. For example, the disagree- 
ment set of {p[x,h[x, yy] pix glyL yl pi, 8}) ts (h(x, y], gfy],al. If C has 
at least two literals, then the disagreement set of C has at least two elements. 
The disagreement set is obviously computable. 


-109- 


The unification alogrithm is stated as a program, with program 
variables C, D, @, £ andT. C is initialized to the set to be unified, and ¢ is 
initialized to the empty substitution. 


Loop: C:= C@; (Performing 6 on C is specified here. ) 
If C is a singleton then terminate with most general unifier 0; 
D:= disagreement set of C arranged in a sequence with variables 
ahead of other elements; 7 | 
E:= first element of D; 
T:= second element of D; 
If § is not a variable then fail; 
If T contains occurrences of § then fail; ; 
6:= 6{r/§}; (Composition of substitutions is specified here, ) 
Go to loop; 


Theorem 9.12 (Unification Theorem) 


If C is a finite set of literals, then if it has a unifier, it has a most 
general unifier, and the unification algorithm will compute one. Otherwise, 
the algorithm will terminate with a fail. The algorithm always terminates. 
(Proof in [Robinson]. ) 


Problem 27 


The LISP function sublis[x, y] performs a substitution on the 
s-expression y when x is a list of pairs, each of which is a substitution com- 
ponent, (See §8.1.) Let us call-x a substitution if it-is a list of pairs, and 
the cadr's of the pairs are all different atoms, and ear and cadr of each pair 
are distinct. Define a LISP function compose[x, y] such that if x and y are 
substitutions, then compose[x, y] is a substitution, and if z is any s-expression, 
then sublis[y, sublis[x, z]] = sublis[compose[x, y], z]. 


99.4 Resolution 


We continue from the concluding remark of $9.2. Starting with a 
theory T that we wish to demonstrate inconsistent, we generate T, in prenex 
normal form, and T, which is an open theory. The next transformation in 


this process of preparation is to put the formulas of T, into what is known as 
conjunctive normal form. 


Definition .9.13 


If L, thru L, are literals, then L, Ve digg <M L, is called a disjunct. 

If D, thru dD. are disjuncts, then D, Nwee A Dn is called a conjunctive 
normal form, 

It follows from DeMorgan's Laws, and the distributive laws for 
logical connectives that every open formula is equivalent to a conjunctive 
normal form. Having put a formula in conjunctive normal form, we can then 
turn each disjunct into a clause simply by eliminating any redundancies and 
making a set of the literals. Now if we have a theory in such form, each 
formula iS a conjunction of clauses. Since a theory is semantically the 
conjunction of its formulas, we can further collapse the whole structure and 
regard the theory as simply a (possibly infinite) set of clauses in conjunction. 
The boundarieg of formulas are no longer important. If T, is an open theory, 
we call the equivalent set of clauses Ts. 

If T 3 is. unsatisfiable, then there is some finite set of ground 
instances of T, which is inconsistent. Call this T,. Ground resolution is 
an essentially propositional rule of inference on ground clauses that is used 
to demonstrate the inconsistency of T 4. 


Definition 9.14 (Ground Resolution) 


If @ is an atomic formula, then @ and -@ are called complementary 
literals. A ground resolvent of a pair of clauses having complementary. 
literals is the clause consisting of all the other literals of beth clauses, as is. 
indicated by the following schema, where @ and -q@ are complementary, and 
the B. and Y; are any literals andi 20, and j=20. 


fay Bys +048) 
{ra, 40 eos vo. 


(B,. e +BY, 00 %mnt 
This rule is not only propositionally valid, but is complete in the 
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following sense: The empty clause has the value "false" in all interpretations. 
Robinson denotes the empty clause by the symbol O._ iIf a set of ground 
clauses is inconsistent, then it is possible to deduce O by a finite number of 
applications of ground resolution, and no other rules of inference or axioms, 

So far, there is no great efficiency in this schema. It is not any 
faster than earlier decision procedures such as [Davis and Putnam]. The 
major advantage of resolution compared to ground resolution is that it is not 
necessary to generate the theory T 4 at all. Resolution is a combination of 
ground resolution and instantiation. But instead of generating ground 
clauses, it does no more instantiation than is necessary. In resolution all 
substitutions are as general as possible, 

Resolution is defined as a deduction rule that has two clauses (not 
generally ground clauses) as its antecedents, and another clause as its . 
consequent. ‘A pair of clauses may have no resolvents, or one resolvent, or 
more than one resolvent. The completeness theorem for resolution is that if 
T, is unsatisfiable, then there is some finite sequence of resolutions on T,, 
that generatesQO, The completeness theorem follows from Herbrand's 
Theorem and is in Robinson's paper. 


Definition 9.15 


et C and D be two clauses, Let C’ be obtained from C by substitu- 
ting the variables xl, x2... for the variables occurring in C, and D’ be 
obtained similarly from D using the variables yl, y2... This is to guaran- 
tee that C’ and D’ have distinct variables without their being substantially 
different from C and D. 

Suppose that there are sets L, M and N such that: (i) LCC, 
(ii) MCD, (iii) L-and M are non-empty, (iv) N is the set of all atomic 
formulas that are either in L or M, or whose complements are in L or M, 
(v) N is unifiable, and 6 is a most general unifier of N, and (vi) L@ and M@ 
are complementary singletons. Then (C’ -L)@ U (D’ - M)@ is a resolvent of 
C and D. 


As an example of resolution, we prove the validity of the sentence 
Vx(p[x] = q{x]) > (9x(p[x]) = dx(q[x])). (See problem set 21, No.16.) First, 
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the entire sentence is negated, to obtain the one sentence theory T, then it is 
put in prenex normal form, Ty: and the quantifiers are dropped introducing 
the constants k, and ky in To: Then it is put in conjunctive normal form, 
giving the theory Ts which is the first six lines of the proof presented below. 
This is not at all obvious, and it will probably take some effort to obtain this 
result, and also to verify that Ts really is the denial of the original formula. 
It is worthwhile doing this. Note that it is essential to the meaning of line 6 
that it have two distinct variables. 

Since each line in the demonstration is a clause, we do not bother 
with the braces. The renaming of variables is also relaxed in a manner that 
does not affect the demonstration. Lines 3 and § are superfluous. 


1. —p[x] fx] 

2. ra[x] pfx] 

3. p{k,] ~p[x] 

4. pik] alk] 

5. —q[x] afk, ] 

6. p(x] aly] . 
7. a{k, ] alk, Res 1,4 


8. —p[x] alk, ] Res 6,7 

9. -p[x] Res 6,8 
10. —~q[x] Res 2, 9 
11, glk, } Res 7,10 
12, O Rea -10, 11 


Lest we give the impression that resolution is obscure, we offer a 
proof of 0’+ 0’ = 0’’ from the same ‘assumptions as the long demonstration in 
§7.2. In doing the preparatory work for this problem, we come across an 
interesting property of resolution, Suppose we wish to prove a from a set 
of formulas B, thru B which can be axioms, definitions, or preouely proven 
theorems, We do this by demonstrating. the inconsistency of 7(B poe? 
B,>). In conjunctive normal form, this. becomes BA veee A &, Ana, 

This means that the premises of the demonstration do not have. to be negated, 
and that each one can be prepared independently. | ; Only. a needs, to be 
negated, In the following demonstration, lines R thru 4 are given, and line 5 
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is the negation of what we are trying to prove. 


1. x#y yAu x=z 

2. x#y x sy 

3. m+0=m 

4, m+n = (m+n) 

5. 0+0 40" 

6. (m+0) =m’ Res 2,3 
7. (m+n)'4z2 mtn =2 Res 1,4 
8. m+0 =m Res 6,7 
9. O : Res 5, 8 


It is very characteristic of resolution that although we can prove 
m+0 = 0 directly with no negations of desired results, we cannot prove 
0’+0' = 0” this way. The reason for this is that the latter is an instance of 
the former, and resolution always keeps things in their most general form. 
The preceding demonstration is about as efficient as one could hope for. 

Each line represents a bit of reasoning leading directly to the desired result. 

Since the invention of resolution, a great deal of effort has gone into 
making it even more efficient. Resolution fits in well with many different 
heuristic devices used by artificial intelligence programs. It has been 
shown that resolution is complete under severe restrictions as to the order 
in which different clauses get introduced. The effect of such restrictions is 
to cut through the combinatorial explosiveness of having to resolve all 
clauses in all possible ways. — When there is a model of the subject matter 
available, it becomes possible to use it to drive the resolution into fruitful 
lines of attack. There is now an entire book about resolution and the many 
techniques that have been invented to increase its efficiency. [Chang and Lee] 

In comparing a Hilbert- -type proof system with resolution, let us start 
with some of the differences. A Hilbert system is a linear method of 
deduction following precise rules and therefore subject to mechanical verifi- 
cation which we call proofchecking. It has more symbols than are actually 
needed, and at every point offers many ‘different options. There are always 
different ways of expressing the same thing. Most of the design effort, 
including the various kinds of definitions, has gone into making it possible for 
a person who is inventing a proof to formalize it in a manner which approxi- 
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mates his own use of language. 

Resolution, on the other hand, has been designed for the purpose of 
mechanical theorem proving. Rather than allowing for flexibility in expres - 
sion, just-the opposite tactic is used. The input data is reduced toa 
canonical form as soon as possible, even at the cost of making it humanly 
unintelligible, The combinatorial complexity is reduced by having a single 
rule of inference, by keeping all assertions in their most general form, and 
by heuristics, all of which provide restrictions rather than introduce 
additional options. The result is the most powerful in-depth mechanical 
theorem prover available today. 

We might ask what use is it? Even if further, improvements resulted 
ina speed-up by a factor of 1019, this would not be enough | to give a theorem 
prover the appearance of "intelligence" - The idea of a theorem prover as a 
sort of universal intelligence has been largely abandoned by people working 
in artificial intelligence. The usefulness of a theorem prover seems to be. 
in filling in ‘the,.gaps left by some more intuitive process, whether that: 
process is human or machine. 


$9.5 Gentzen-Type Systems 


Gentzen developed a system of deduction quite different in appearance 
from Hilbert-type systems, for the purpose of studying the properties of 
deductions, An exposition of Gentzen's system can be found in [Kleene $77]. 
We do not describe the system here, but simply comment that rather than 
being linear like a Hilbert deduction, a deduction in Gentzen’s system has the 
shape of a tree with the resultant theorem ‘at thé base of'the tree, anda 
branching structure going up from this. The tip of every brafich is a certain 
type of trivial tautology. ae | 

An interesting aspect of'a Gentzen-type syatem, which has a certain 
appeal for artificial intelligence programming, is that it is highly suitable for 
working backwards from the goal to the given data, creating a structure of 
subgoals on the way. A list of subgoals may be. conjunctive or disjunctive, 
that is, either it is necessary to solve all of them, or.only one of them. This 
sort of alternating tree is similar to a move tree in a two-person game such 
as chess. A Gentzen-type system would have been at least as: suitable as a 
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Hilbert-type system for the purposes of this book, and probably more so for 
anyone building a real proofchecker. We have used a Hilbert-type system 
only because it is more familiar and easier to explain initially. 
Extensive research has been done on modified Gentzen-type systems. 
[Yonezawa] has designed a theorem prover containing many fewer and 
simpler rules than Gentzen originally had. He also has restrictions on 
generating substitution instances that make for efficiency. Yonezawa proves 
that this restricted system is nevertheless complete. When one looks at this 
program, one gets the feeling of seeing the basic principle of resolution 
(substitutions kept most general) in a different form. This suggests an 
interesting field of study which might be called comparative proof theory. 


$9.6 _Decidability 

A theory T is called effective if T is a recursively enumerable set. 
If T is an effective theory, then Th(T) is a recursively enumerable set since 
it is theoretically possible to enumerate ail deductions in T. 

The theory T is called decidable if Th(T) is a recursive set, This 
does not follow in any way from T being a recursive or even a finite set. 


Theorem 9.16 


If T © L is decidable and a € L, then T U {a} is decidable. 
Proof: If Tra, then Th(T U {a}) = TH(T), If Tra, then T U {a} is incon- 
sistent, and Th(T U {a}) = L. The interesting case is where @ is independent 
of T, We can assume that a is a sentence. Then by the deduction theorem 
T U {a} r8 if and only if Tra > 8, and this is decidable because T is decidable. 


Corollary 9.17 ~~ 


Every consistent decidable theory can be extended to a complete 
consistent decidable theory. 


wt 


First order logic is called decidable if the set ofall valid sentences 
is a recursive set. 
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Corollary 9.18 


If there is at least one undecidable theory having a finite axiomatiza- 


tion, then first order logic is undecidable. (In Chapter Twelve we provide 


such a theory.) 


Problem Set 29 


1. Prove corollary 9.17. (See lemma 8.1.) 


2. Prove corollary 9.18. 
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CHAPTER TEN 
INFORMAL ARITHMETIC 


Preview of Chapter Ten 

The study of the natural numbers is known as number theory. When 
we say "arithmetic", we mean the more generalized study of s-expressions 
including natural numbers, or possibly the study of discrete data structures 
in general, which we comment on briefly. The study is "informal" in the 
sense of being a mathematical discussion in English as distinct from a formal 
theory expressed in first order logic (which we study beginning in Chapter 
Eleven). 


$10.1 The Postulates of Arithmetic 
Peano's postulates for the natural numbers are: 


Zero is a number. 

. The successor of a number is a number. 
Zero is not the successor of any number. 
No two numbers have the Same successor. 


no PF WD DN 


. Any property which is true for zero, and is such that if it is true 
for some number it is also true for the successor of that 
number, is true for all numbers. . 


These axioms are stated informally, and do not come with any 
instructions on how to reason logically from them. The notion of equality 
and its properties, as well as the notion of a function, and the fact that 
successor is a function, are also not explicitly given. In trying to reason 
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from such a set of axioms, it is not quite clear which assumptions that we 
bring to the problem are logical, set-theoretic, arithmetic, etc. That is 
why formal systems were developed. 

The last postulate is known as the induction principle, and has always 
been the most controversial of them. We have already used induction in 
many of the proofs of theorems in this book. The notion of "property" in the 
induction postulate is a bit vague. In formal number theory, property is 
taken to mean "predicate". | 

The LISP postulates are a complete analogue to Peano's postulates. 
They even correspond in number. They are: 


1. Atoms are s-expressions. 

2. Cons of any two s-expressions is an s-expression. 

3. Cons of two s-expressions is never an atom. 

4. Ifa differs from B, or if y differs from 46, then cons of 
@ and ydiffers from cons of 8 and 54. 

5. Any property which is true for all atoms, and is such that 
if it is true for @ and 8 it is also true for cons of @ and 
B, is true for all s-expressions. 


The induction principle can be used informally on s-expressions to 
discuss properties of tree-type structures, For example, consider the 
LISP function reverse defined by: 
reverse[x, y]* [atom[x] * x, T * cons[{reverse[cdr[x]], 
reverse[car[x]]]] 
This recursive definition can be stated in English without reference to car and 
cdr as follows: 


(i) Reverse of an atom is itself, 
(ii) Reverse of the cons of two s-expressions is reverse of the 
second consed with reverse of the first. 


From (i) it follows that reverse of reverse of an atom is itself. Now suppose 
that reverse of reverse of qa is itself, and the same for B. Then by (ii) 
reverse of reverse of cons @ and B is reverse of (reverse of 8 consed with 
reverse of a) which is reverse of cons of Band a@. Applying (ii) again we get 


-l19- 


that this is reverse of a consed with reverse of 8B which is a consed with 8. 
This supplies the induction step,, and fram the induetion principle ‘we conclude 
that reverse of reverse of any s-eapression is itself. 

There.are only two differences between the LISP postulates and 
Peano's postulates. One is that cons is binary, while successor is unary. 
The other is that there are many atoms but only one zero, So in addition to 
the LISP postulates we need some. utom postalates: 


1. Every atom is either a name or a number but not both. 
2. The names are in one-to-one. correspondence with the 
numbers. 


Another way of putting (2) is to say that the 1 names can be prrestively enumer- 
ated, 

Neither predecessor, nor car and ¢dr are mentioned in these postu- 
lates, The reason for this ts to’avoid the fact that these are ‘partial functions. 
However, there is no problem introducing thei aa either partially defined 
functions, or functions completed in ain arbitrary way. 

The functions plus and times are not mentioned in the theory either. 

If one tries to define these {n thé language’ hiready ‘diven by Peanois postulates, 
one finds that there is Ho way to do’ this that’ “doe snot add something more to 
the theory, In fact, when we formalize this ‘theory, ‘it turns out that there is 
no way to make these definitions. so that they dré cofwervative. 

There is no reasonable LISP analogue’ for mine and times. Therefore, 
starting from this point, the two theories diverge. : 


$10.2 Primitive Recursion 


The reason why the definitions of plas: andtimes are not conservative 
is because they are recursive, ‘Recursive @eftritions donot always terminate, 
and, as we have seen in Chapter: Five, there is.no. general way to decide 
whieh ones do and which ones do not, We have not.considered so far what 
happens when a recursive definition is added to a. first.order theory. This 
topic is important, but needs a full and detailed tregtment which we provide 
~in Chapter Fourteen. For the moment, let us note that it is safe" to add a 
recursive definition to a theory if we know that it defines a total function, but 
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that such definitions are not necessarily conservative. (Note that none of 
the definition schemas of $9.1 allow any recursion at all.). 

Because the problem of deciding whish procedures compute total 
recursive functions is not generally decidable, itis usefyl to:define a subset: 
of the recursive procedures which are easily recognized:by their restricted — 
syntax, always define total recursive functions, and define a wide variety of 
important and useful functions. The. set of. primitive: recursive procedures 

‘. meets these criteria, and any function that can be computed by a primitive 
recursive procedure is called a primitive recursive function, _ They are dis 
cussed informally here, and formally in Chapter Twelve, of 

The basic idea of primitive recursion is to recur in a manner which 
counts down, and terminates ‘at zero, . 


would not appear in the definition because this is! Weireular" or recursive. | 
In a primitive recursive definition, (n') is defined. in terms of £(n), and £(Q) is 
defined explicitly.’ If thas more than one argument, then it. is necessary to | 
count down on only one argument, ‘For r example: 


(i) The sum of m ‘and Ois m. 
(ii) The sum of.m and the successor of n is. the suceessor of the 
sum of m and n. 


Here the primitive recursion is-on the second: argument orn. If nis 0, the 
definition is explicit and does not-refer‘to the sumof arything. Otherwise, 
the sum of some number and the successor of n is defined in terms of the sum 
of that number and n. 

The fact that primitive recursive definition always defines a total 

function is derived from the fact that counting. dawnward: always arrives at 

zero after finitely many operations. Soe a! Audet! Sete 

The definitions of plus and times given. ia: $2.2:are meuntsibe of 
primitive recursive definition. After these, ,we:cah make the definitions — 


m”™ In=071,T%m xm" } 
hyperenpt{m, nfo = 0 + ghopereant. 


5 
Hyperexpt[5, 3], for example, is 5° . 


An example of an.arithmetic function that is not primitive recursive 


is Ackerman's function. It grows faster than any primitive recursive function. 
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Ackerman's function is:a function of three arguments, p, mandn. If pis 0, 
then it adds m and n; if p is I, then it multiplies them; if p is 2, then it 
computes m"; if p is:3, then it hyperexponentiates, etc. 

ack[p, m,n] [p = 0 *m+n,n =0% [Ip =1° 0,T 71], 

T *ack{p ,m, ackfp; m, n7 J}] 

Ackerman's function belongs. to the class of double recursive functions. 
There is a transcendental hierarchy of recursion schemas of which primitive 
and double recursions are merely the first two steps. 

The concept of primitive recursion. ean be applied to definitions of 
s-expressions as. well as numbers. The idea. here is to. count downward by 
taking car andcdr. Ina. primitive recursive definition on s-expressions, 
the function must be defined explicitly for atomic arguments, and otherwise 
defined in terms of the function applied to. car and/or edr of its argument. 

A function of more than one argument. must ae this scheme for one only 
argument, 

The function subst is a typical example of primitive recursion. 
Almost every LISP function we have defined so far except for apply and its 
subsidiaries is also primitive recursive. Ewen proofeheck anti propeval are 
primitive recursive, although: it may tale some aca of the definitions 
to realize this. 


$10.3 Other Arithmetics 


We use the term "arithmetic" to mean a formal mathematical system 
consisting of expressions that can be written in some finite alphabet, and 
subject to a grammatical description. bin is sdmewhat refated to what a 
programmer would call a “data type", S-expressforns, integers, arrays, 
and: even floating point numbers. can be considered: arithmetics, but real 
numbers, or set theory cannot, because the theory is not about entities each 
of which has a standard description in some notation. Arithmetics always 
have countable domains. | 

The following question are important. te an examination of any 
arithmetic; 

1. Is there a syntactic description of the domain of objects? 

2. Is there a set of basic functions and predicates such that all 
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computable functions and predicates on the domain are recursive in terms of 
the basic ones? 

3. Is there an induction principle which applies to the domain? 

4, Is there a primitive recursion schema-on the domain? 

5. Is there an axiomatization of: the demain? 

As an example, we examine the integers using this syllabus. We 
assume that the natural numbers have already been examined, 

1. An integer is either a natural number, or a natural number other 
than zero preceded by a minus sign. iy tee 

2. All computable functions can be defined using the language of 
recursive functions starting only from successor, predecessor and equality. 
(Equality may be considered as given prior to any particular arithmetic | 
because it is a "logical" notion.) The predecessor is essential here, and 
cannot be defined from successor as it can be for the natural numbers, At 
this point, you might try to define addition, subtraction, multiplication, the 
ordering relations, the predicate positive[n], and the absolute value of-n. 

3. There are several useful induction principles, all of which are 
equivalent. (i) If a property is true of 0 and inherited under successor and 


predecessor, then it is true for all integers. (ii) If a property is true for 0, 


and inherited under successor and negation, then it is true for all integers. 
Any combination of a basis step and an induction step that covers all integers 
is a valid induction principle. . j 

4. The most obvious primitive recursion schema is to define a 
function explicitly for zero, and then to define it for positive cases in terms 
of the function of the predecessor of the argument, and for negative cases in 
terms of the function of the successor of the argument. This means counting 
up or down, but always toward zero. 

5. The equivalent of Peano's postulates. seems to be: (i) Zero is an 
integer. (ii) The successor and predecessor of an integer are integers. 
(iii) The successor of the predecessor of an integer and the predecessor of 
the successor of an integer are both equal to that integer. (iv) Zero is not 
positive. (v) The successor of zero is positive. (vi) The successor of a 
positive number is positive. (vii) An induction principle. such as 3(i) above. 

Without (iv) thru (vi), we could be describing a finite set of objects 
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arranged in a circular chain, But these axioms specify that 0 is not positive, 
while 0, 0”, etc., are, So 0 cannot belong to this sequence. 

[McCarthy] considers methods of defining arithmetics from given 
base sets using as basic operations “disjoint union’ and cross product" on 
sets. He shows how the defining equation for an arithmetic answer questions 
1 and 2 of our syllabus, This method could easily be extended to provide 
answers for the rest of the questions also. 
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One's not half of two, it's two are halves of one: 


e. e. Cummings | 


CHAPTER ELEVEN 
FORMAL ARITHMETIC _ 


Preview of Chapter Eleven 


The arithmetic of numbers and s-expressiona discussed in Chapter 
Ten is formalized into a system which consists of a theory; ‘plus a set of 
rules for extending the theory by means of definitions and primitive recursive 
schemas. A sample of the development of the theory ‘then foltows. 


$11.1 Multi- -Type Logic . 

The use of types in first order aie ies aonvenient. sbbreviation, and .. 
not a new theoretical concept... Formal arithmeti¢ is, a theory about s~expres- 
sions, and about numbers which are a special: type of s-expresasion. .We- 
adopt the convention that variables. beginning. with ‘the letters m,n, p and q. 
are to range over numbers, while variableg;beginning mith, the letters r.thru 


-z are to range over $- expressions. - ‘We have -akready beep using these con- 


ventions throughout this book. cone ee with the. letters a thru.k 
are reserved for future use, . 

When writing formal. echenas: we. shall Jet sia Greek 1 letters 5(xi) and 
C(zeta) stand for s-expression, variables, -and-9leta, andytnw. gtand for 
numeric variables, me 

A formula having the. froin Yale) is. ‘aivabhuecicon: for.. ¥$umi{$) = a 
a(€/n)), and a formula having the.from In(q@)} is.am abbreviation for Z6(num| | . 
§])4 a(§/n)), where § is a new variable. An-ppen-forzaula-having numeric 
variables is equivalent to its closure, Everything we.need, te know about the. 
use of typed variables follows from these facts, If we eimply.keep in mind. 
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the intended interpretation, we shall not go wrong. 

Having assigned types to variables, it then becomes reasonable to 
assign types to function names, predicate names, and terms in some cases. _- 
If a function has n arguments, then it has n argument types and a value type. 
If a predicate has m arguments, then it has m argument types. (Its value 
type is "truth value" or 7, ) i | 

For the purpose of first order theory of arithmetic, we consider the 
following functions and predicates to be basic, and assign types to them as 
follows: 


equal: Sx«S7f : successor: N?N. 


atom: S77 cons: 8xS?*S 
name: S~*@ e enum: N#S 


num; Sa 


We have now created a very precise situation in which each of these is 
a total function or predicate on its intended domain. Thee witt be quite use- 
ful in presenting the theory that fellows: = = = > 

We now proceed to asstgn types to terms. If a term has a type 
according to thege rules, it will be calied a well-typed‘term. But not all 
terms will be well typed, and we de not intend to exclude terme that are not 
well typed from consideration. The tfpe of « variable has been given. 
Variables that do not begin with the ‘letter m, | ‘p,q or r thrd z are not 
typed for the present.’ The'type of « ‘seanber’ ‘is nusiéric, and the type of any 
other object is s-expression. If eft, seen, J is a term such that for each i, 
if the i-th argument type of @ is OR NR, then ¥ is nemeric, ‘end if the i-th 
argument type of @ is s-expresgion, then the typeof t, fe either 8-expression 
or numeric, then the entire term is well typed, and ‘c type ig the value type 
ofg. Otherwise, the term is not well typed. Wedan. also" ‘define atamic 
formulas to be well typed in the same manner, iz 

If we were working with more than 'tiése two types, the same principle 
would apply. Some types are sub-types of others-in the sense that all 
numbers are s-expressions. That being the case; the i-th argument term of 
such a term should be either the i-th argument type of the main function of the 
term, or a sub-type of that type. | 
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These conventions allow us to say that a term such as length[x]+1 is 
a numeric term because length is numeric valued. <A term such as car[x]+ 
cadr[x] is not well typed, but it might oar PE Coeceey depending on 
whether or not x is a list of numbers. 

The conventions on typed variables affect the idea of substitution. Ql 
and Q2 need to be modified. The following rules’ are valid for substitution « on 
a numeric variable: ‘ , 


Qla: Yn(a) > num[tT] > a(r/7) 

Qib: Va) > &(t/n) where T is numeric 
Q2a: a(T/n) > num[T] > dna) — . : | 
Q2b: a(t/n) > In(a) where Tis numeric 


Examples: 


Qla: Yn(n’>0)> num (car [x}}> car[x]’ >0 
Qib: Yn(n'>0)>3'>0 


The definition schemas X, F, K, PF and PK of §9.1 get modified 
appropriately. We shall examine the situation for Rule F;. the rest are 
similar, 

Suppose that we have deduced the formula 4 ya). There are two 
abbreviations in use here, and just as a-reminder, ye write this formula in 
its expanded form. 


#§(num[§] 4 @(§/n) A VE((num{t]} A ate /n)) > §6=¢)) 


Let the formula @ have only 7, Sy thru & = and v, thru Vin! free, Leto be a 
new name. Then we can write alls, sees oy Vinweee v n/n) The function 
~ will have a numeric value type because n a a numeric ‘variable, and will 
have n s-expression arguments followed by m numeric arguments. There is, 
of course, no reason to list them in this order, but whatever order is used in 
the term [...] will determine the argument type description of p once and 


for all. 


$11.2 Axioms for the Theory of Arithmetic — 


The axioms are listed in groups with some discussion when necessary. 


~127- 


Group A: The theory of equality, EL: 


This group includes the three equivalence axioms for and an 


axiom for every function and predicate name that will ever be introduced into 
the theory. (See definition 6.11.) 


Group B: Peano Arithmetic 


Bl num{n’] 
B2 n#0 
B3 m = n> men 


B4 = a@(G/9) > Vala > a(n’/n)) > Ya) 


These axioms correspond to Peano's postulates 2 thru 5. For postu- 
late 1, see the computation schema, Group G. 
Schema C: Primitive Reeursion on tire Netaral Numbers 
PES 56 oes ae ny} * Fy : 


where (i) ¢@ is a new name, (ii) T, has no occurrences of ©, and 


no variables other than the §., (iii) every occurrence of @ in To 
is of the form gf..., 7], and Fo has no: variables other than the 
FF and 7, and (iv) T, and 7, are well typed. ‘Some of the $. 
aay be of numeric eee. and the ar piomont n does not heve to 


be placed last. 


The function ¢ defined in: this schema will be of numeric value type if 
both T, and T, are of numeric type, and. will have 3-expression value type if . 
one or both of the tT, are s-expression typed. The argument types of » come 
| from the types of the §. and the type of 7 which is numeric. 
The primitive veceesion schemes for "+" and "x" are Pate of the basic 


theory. They are: ; 
m+0O=m : 
‘ / 
mtn=(m+t+n) J 
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and 
mx0od=0 
mxXn = m+(m X n) 


Group D; S-Expression Arithmetic 


D1: —-atom[cons[x, y]] 
D2: cons[w, x] = cons[y,z]>(w = yA x = 2). 


D3: V§(atom[§]> a@) > VEVE(a > a(G/§) > 
a(cons[§,¢}/§)) > V§(a) 


Schema E: Primitive Recursion on the S-Expressions 
atom[€ ] >i§,, $235 5p 8] 2%) 
e[s,, ees an cons[t,,e, ]] = T) 


where (i) @ is a new name, (ii) 7, has no occurrences of 9, and 

no variables other than the g5 and C, (iii) every occurrence of 

~ in T) is either g[..., C,] or gf... Co ], and T) has no variables 

other than the Si. Ch and Coe _and (iv) 7, and T, are well typed. 

The comment about the type description of ¢ made for Schema C holds 
for Schema E, except that the recursion variable here is always of s-expres- 
sion type. | : 


Group F: Atoms 
Fl name[x] > atom[x] 
F2  num([x] > atom[x] 
F3 atom[x] > (name[x]. = ~num{x]) - 
F4 name[enum[n]] 


F5  name[x]> a, n(enum{[n] = x) 


Group G: Computation Schema 


All true ground literals formed from the basic functions listed | 
in §11.1, and the functions predecessor, plus, times, car, cdr, 


and their compositions, 
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This schema is for the purpose of saving us time, and to enable us to 
make free use of numbers and s-expressions, Without this schema, the 
theory would be about the numerals 0, 0’, 0”, etc., but not about 1, 2, 3, etc. 
All such literals can be evaluated rapidly by a. computer program. 


Examples: 
2+2=4 ‘cons{A, (B C)] = (A B C) 
2+245 num{cadr{(2 3)]] 
matom[(A B C)] “~num[A] 


Group Hi: Embedding 
If the theory of s- expressions is embedded in a larger theory 
in which there are things that are not s-expressions, then we 
need a predicate sexprfa] having universal scope and true for 
s-expressions only. (The variable “a" is not of s-expression 
type.) We need to add sexpr to the computation schema, and 
we need two other axioms, namely: sexpr{cons[x, yll where x 
and y are 8- expression variables, and atom|[a) = sexpr[a]. 
This situation presents itself when we consider a second order 
theory in which there are sets of S-expressions. 


In addition to these axioms, we need definition schemas. In $9.1, we 
defined schemas X, F, K, PF and PK. Schema X is really a special case of 
schema K in which k = 1, and y, is T (true). These form a part of the 
theory of arithmetic, with suitable allowances being made for types. 

Definitions made with quantifiers do not, in general, define functions 
that are computable. To define functions by explicit schemas that always 
result in computable functions, we must introduce as special cases of F, K, 
PF and PK the rules CF, CK, CPF and CPK, These have the same schemas 
as F, K, PF and PK, except that no quantifiers are permitted in any of the 
formulas of these "computable" schemas, For example, CF is the rule that 
permits a(o[§ es Sal /@) after having deduced dca) where @ has no 
quantifiers. 


pers 


We can now say something about each function and predicate name 
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defined in the theory of arithmetic by examining its history of antecedent 
definitions. When we do this, we find that some functions have been totally 
defined, while others have been partially defined... Some, are computable 
from the definitions, and some are not, These two.cambine in all four ways. 
For example, a function may be only partially. defined, but the definition 
gives an effective method for deciding whether it is ‘defined and computing it. 
for those cases in which it is defined. paeeae ; 

We have defined eight definition schemas, not counting schema X. 
which is a special case of schema K. The way in which these schemas 
preserve computability and totality is summarized as follows: . 


Schema: F K PF PK CF CK CPF CPK 
_ Preserves totality: _ yes yes no no yes yes no no. 
Preserves computability: no no no no yes yes yes yes 


Definition 11. 1 


A basic function (for the first order: hesiey of. arithmetic, not for com~- 
putability) is equal(=), successor( ‘), cons, atom,:num, name or enum. - 

_ A primitive recursive function is a funetion that may have the primi- 
tive recursion schemas, and CK in its history of Metinision,: ‘but no other 
definition schemas. _. . er sk Pee as a 

A total function has only the primitive recursion ‘dba and the 
definition:-schemas F and K in its history. (CF and-CK are epecial cases of 
these, ) Boon ee ie 
A computable partial function has only the primitive recursion 
schemas, and CPF and CPK in its history. . (CF:and CK are: special cases of 
these.). The special quality of these functions:is. that it-ia possible to compute 
the domains of definition, and to compute the values for. specific arguments 
within these domains, 

A total computable function has sei the: sfumitece recursion eoheiien 
CF and CK in its history of definition. 


It is evident that the primitive recursive functions are total computable 
functions by this classification schema. 
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The language used in definition 11.1 is a bit sloppy. When we used 
the word "function", what we really meant was "function name or predicate 
name", What we have just done is to introduce a classification schema for 
the names introduced into the theory of arithmetic by the various definitional 
schemas. The fact that a given name is classified as computable" does 
indeed mean that it corresponds to a computable function, but a function name 
not classified as "computable" may also correspond to a computable function, 
although the method used to define it does not of itself provide a computational 
procedure, 

A name classified as "computable" but not "total" has the peculiarity 
that there is an effective means of deciding whether or not it is defined for a 
given set of arguments, and then there is an effective means of computing the 
value when it is defined. This is more than can be said for partial recursive 
functions in general. This special cateogry is useful for predecessor, sub- 
traction, division, car and edr, functions defined only on lists, functions 
defined only on lists of numbers, etc. 

We now have a developing system with. many built-in conveniences for 
making definitions. We have been calling it a ''theory'', but it is not strictly 
Speaking a theory, but rather a theory, and a set of rules for creating 
extensions. Once a certain extension is created, it restricts the use of a 
certain name which then cannot be used to create some other extension. 

The system we have just described has a model which is the domain 
of s-expressions, with the basic functions having their standard interpretation. 
Each extension has a corresponding enlargement of the model. If the | 
extension is total, then a uniquely defined fanction or predicate is added to 
the model. — If the definition is not total, then there may not be a unique 
enlargement of the model, but there will be at least one enlargement, 

As was already mentioned, the total definition schemas are conserva- 
tive, and in fact eliminable, but the primitive recursion schemas are not so. 
This raises the question as to whether there is some language with a finite 
vocabulary that is adequate to describe the theory. If we restrict ourselves 
to the numeric part of the theory, then G&del answered this question by 
Showing that the only instances of the primitive recursion schema needed are 
those for ''+"' and "x", and that once these formulas have been given, all 
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other primitive recursive functions can be defined using only rules F and K. 
So formal number theory is presented in the language {=, 0, ‘+,x}. The 
proof of this fact involves coding finite sequenced of nunibers' into single 
numbers, and then showing that there is a function definable from + and x that 
can extract the i-th component of such a sequence. 


§11.3 Development of the Theory 


The purpose of this section is to stoviae some concrete examples of 
the system specified in $11.2. The first part is about number theory, and 
the second part is about s-expression theory. 

In the development that follows, many shortcuts will be used to make 
the formal deductions less tedious. We shall assume various properties of 
propositional logic, quantifiers, variablés, and equality, including symmetry, 
transitivity and replacement. However, every detail involving the properties 
of arithmetic will be written out in full, i.e., all references to the axiom 
system we have just presented will be completely explicit. The distinction 
between properties of logic and équality on the one hand, “und Prauerticr of 
arithmetic on the other can be made very precise. — 

We start out by repeating the following definitions: © 


Di: re NXN7N ett oe ie Schema C 
m+n =(m+n). oo 

D2: Xx; NXN?N mx0=0 Schema C 
mXn'=m+(mxn)j 


Thi; O+m=m 
The proof from almost identical axioms has. ead been given. 


Th2: m’+n= (m+n) 


1. m’+0=m’ Instance of D1 

2. m+0=m Di. —_ 

3. m+ 0 = (m+ 0)’ ‘Replacement 1, 2 
(4) 4, m’+n-=(m+n)’ Assume | 

5. m’ +n’ = (m‘ +n)’ . Instance of D1 
(4) 6. m'+n’= (m+n) " Replacement 4, 5 
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(4) 7. m+n =(m+ n)’ Replacement 6, D1 


8, m’ +n = (m,+ n)’> i 
mt+n=(mtn Discharge 4,7 
9, (m‘ + 0 = m’) > ¥n(m’ +,n = (m+n)'> 
m+n = (m+ n))? 
Yn(m +n = (m+n)) Instance of B4 


10, m +n = (m + n)’ From 1, 8,9 


Problem 30 


1. Th3: m+n=n+m 
2. Th4: OXm=m 
3. Demonstrate m # 0> Gj n(n =m). Then predecessor can be 


defined by m #0 2m” = m. 


From here, one may proceed to prove the commutivity of multiplica- 
tion, the associativity of addition and multiplication, the distributive laws, 
and then move into the area of primes and factoring. 

Because this is a first order theory, one cannot talk about sets of 
numbers, but only individual numbers. For example, one cannot state 
directly, let alone prove, that every number can be factored uniquely except 
for the order of the factors, into prime factors. However, one can state 
this indirectly because the set of factors of any number is always a finite set. 
It is possible to state, and to prove, that for every number there is a list of 
primes, unique except for order, whose product is that number. 

Every non-empty set of numbers has a least member, but this cannot 
even be stated indirectly so as to apply to all infinite sets of numbers. A 
related concept is to say that any predicate satisfied by at least one number 
has a least number that satisfies it. If ~ is any numeric predicate, then we 
can prove as a theorem @n({n]) > Gn(~[n] A ¥m(~([m] >m 2n)). However, the 
statement "This theorem schema is true for any ?,"' lies outside the scope of 
first order logic because it informally quantifies on a predicate, whereas first 
order logic quantifies on variables only. 

Second order logic quantifies over first order predicates. However, 
there is no effective method of deduction for second order logic which is 
semantically complete in the sense that if T ka, then Tra. An alternative to 


~134- 


second order logic is to stay with first order logic, and to develop a second 
order theory whose intended model has a domain of two types, numbers and 
sets of numbers. (We do this in Chapter Fifteen, only for s-expressions 
and sets of s-expressions.) But there is no escaping the essential incom- 
pleteness, which in the latter case presents itself as an incomplete theory 
rather than as an incomplete logic. Still, second order number theory is 
more powerful than first order number theory. In fact, second, third and 
even fourth order theories are in constant use by mathematicians, and their 
formalization is a necessity that must be faced. For example, one may 
speak of real numbers, functions of real numbers, and families of functions 
of real numbers, the latter being a third order concept. Such investigations 
lead us to the study of axiomatic set theory. 

In the development of first order s-expression theory, we find it con- 
venient to introduce the infix "*" to represent cons. We shall have it associ- 
ate from right to left, so that A*¥B*NIL = A*(B*NIL) = (AB). The function 
append which is familiar to LISP programs will be represented by a colon(:). 


Its primitive recursive definition is: 


D5: (:): SxS7S atom[x] > x:z = f Sea aes 
(x¥y):z = x*(y:z) 
Th6: atom[x]> x:[y:z] = [x:y]:z 
(1) 1. atom[x] Assume 
2. atom[x]> x:[y:z] = y:z Instance of D5 
(1) 3. x:fy:z] = y:z Modus ponens 1, 3 
(1) 4. x:y=y Modus ponens 1, D5 
(1) 5. x:[y:z] = [x:y}:z Replacement 4, 3 
6, atom[x]> x:[y:z] = [x:y]}:z Discharge 1, 5 


Problem 31 


1. Th7: x:[y:z] = [x:y]:z. Hint: It is important to choose the correct 
induction instance. If we induct on x, then Th6 is the basis step. Show that 
if u:[y:z] = [u:y}:z and v:[y:z] = [v:y]:z, then [u*v]:[y:z] = [[w*v}:y]:z. 


2. Define the partial computable functions car and cdr. 


-135- 


The theory of s-expressions has no standard curriculum, unlike 
number theory. At this point, one might formalize notions of permutation, 
combination, rotation, etc., or one might define sublis, and develop formally 


the theory of substitution presented in $9. 3. 
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CHAPTER TWELVE 
RECURSION AND: DEDUCTION 


Preview of Chapter Twelve 


Starting with this chapter, we unite two subjects which have been 
developed more or less independently, until now. In Chapters Two and Five 
we developed the language of recursive functions, ‘which ig a language for. 
describing formal computations on s- expressions, . The notion of recursion 
is shown to be absolute, and completely independent of this method of defining 
it, because, by Turing's and Church's theses, it is EERE ES effectively 
computable, | | Seta : 
In Chapters Six thru Eleven, we have developed. the subject of first 
order logic as a language for making assertions, and Lpmoving consequences. of 
these assertions, and then particularized this to the theory of s-expressions. 
The only relations between deduction and recursion that we have established 
so far are that deduction is subject to mechanical verification, i.e., 

"proofcheck" is recursive, and that certain types of definition within first 
order arithmetic provide recursive descriptions. 

There are two important questions about the relation between deduction 
and recursion that we consider in the rest of this book. The first is the 
problem of representing, and discussing recursive functions or effective pro- 
cedures within first order logic: The second i8 the problem of reducing — 
deduction to computation in routine cases. In this chapter, we begin with the 
first of these questions by "representing". reeursive ‘fanctions in arithmetic. 


$12.1 Expressibility and Representability 


In this chapter, let us consider the Hier y of arithmetic as consisting 
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only of those function and predicate names that we classified as "total" in 
Chapter Eleven, These are the names that necessarily lead-to unique model 
extensions because of their definitional history. Since the standard model 
for formulas in this language is unique, we can speak of a formula as being 
either "true" or "false" according to whether | or not this model satisfies it. 
There is no middle ground.. (We are not claiming that there is an effective 
procedure for deciding which formulas are true and false, only that each one 
must be either true or false. ) 


Definition 12.1 


If Pisa predicate in the sense of being a mapping from S™ into 7, 
then it is an arithmetic predicate if there is an ‘m-try predicate name » that 
can be defined in the theory of arithmetic such that for's any 5- expressions a, 
thruc,, Bo, y+oes0,,) is true if and only it op, ae a Jis true, 

For any formula a, we write Ara to mean that. there is a deduction of 
a@ from the theory of arithmetic. A is understood to mean the theory consis~ 
ting of all the axioms and &xiom schemas ‘@acassed in Chapter Eleven, and 
the definitions and primitive Fecursion achemis necéssury to define all the 
function and predicate names in @. This is not the most satisfactory - 
notation, because it dées not fully specify aL But it" will not lead us ‘into 
error if we are aware of this. | 


Definition 12.2 


The predicate a is expressible if it is poaaihie a define, a predicate . 
name yin arithmetic such that for any .s- expresaion ¢ % thru. Cnt if 
¥O,,..-,0,) is true than al ae } and BH ) is false, then 
APTWI e168, ]. m 

The n-ary function © is representable ¢ if Lit is possible to ) define a 
function name @ in arithmetic such that for any s-expressions a thru One’ if 
ole eee O)=0 tL? then Arp), ....0,} 80. p go! ae : 


The notions of arithmetic, expressible and representable, may also 
be relativized to functions and predicates having numeric arguments or values. 
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Corollary 12.3 


All expressible predicates are arithmetic. 
All expressible predicates and representable functions are recursive. 


The effectiveness of the theory A, and the fact that the theorems of an 
effective theory are recursively enumerable are a-sufficient proof of effect- 
iveness. Keep in mind that for a procedure to define a total function is not 
the same thing as our being able to prove that it defines a total function. 


$12.2 Primitive Recursion 


Corresponding to the definition of primitive recursive functions in the 
system A, there is a subset of the language of recursive fanction definitions 
that leads to primitive recursion. Wedist the corresponding schemas side 
by side: 


‘Schema C: 
els), eoeeog a 0) = oz 


IE,,....8 me n= 07,7 *7,(n/n)] 
PLS re0ee Se) = Ty 1 Dn fir ; ae: 1 2°. ; 


Schema E: 


atom|t] >9§,, a e's g, Ct) = Ty . : els. vee: ctle [atom[€ ] pe T. 
P(E. 250 Sr ,*8o] = Te T + to(carGNG,.cdril/E2)} 
Rule CK: 
7, 208... 8 1a, | — | | 
vee , PIEy.--- Se IY; Fyre Me FO] 
Me PVE. ST wy i ae 
. and 

‘4 PIS) s-005 8.) = Ty : . | oe ee : : Sok; 
eee ‘ o[s,. 299 es [y, i Ty» B29: 38: Vy 7h... 


My 2HLS,.-- SAT, 


n k 
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The restrictions for Schemas C and E,.and Rule CK are given in 
§11.2 and §9.1, respectively. In particular, there are no quantifiers any- 
where in these schemas, and it must be provable: that. exactly one of the ¥; 
must hold. | The definitions in the right column define the subclass of the 
recursive functions that are the primitive: recursive functions. - 


Theorem 12.4 

All primitive recursive predicates are cause and all primitive 
recursive functions are representable. . ue 
Proof: By nested induction.. The outer induction is on the length of the 
definition history. .The basia of the induction'is-that:the basic functions are 
representable. This follows from the computation schema, Group G. The > 
induction step is to show that for each schema, i if all the preceding definitions 
are representable, then it is representable also. . . 

For Rule CK, the fact that any, ground instance of the schema can be 
proven or refuted follows from the induction hypothesis, ‘and the replacement 
of equal terms and formulas, since there are no variables or quantifiers to 
deal with. For the schemas C and, there ig also an inner induction needed. 
The preceding method will work only for tre case that 1 = © in Schema C, or 
atom[€] in the case of Sefiema E, But thig is the basis for an induction on 
the natural numbers or the s-expressions whereby if'[..”. Say can be repre- 
sented, then 9[...,7 7 can be represented, or if ¢[... o, Jandgl[..., Col can 
be represented, then g..., t 1*82! can be. ‘Fepresented. 


We are now able to emonucrate that tie theory of arithmetic is 
incomplete. This is not in itself surprising, “tpecause we have not investi- 
gated the axioms presented in $11.2 very seriously, and there is no reason to 
believe that they are sufficient to prove idl bear a” that we would like to be 
able to prove about arithmetic. However, the incomptetenesa theorems will 
apply to any attempt to ‘strengthen these axioms\also. We prove incomplete- 
ness in three different ways. hg 8 one 
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Lemma 12.6 


There is a primitive recursive predicate aproof[x, y] which is true if 
and only if x is the s-expression translation of a formula @ in the system A, 


and y is the s-expression translation of a deduction that proves @ in A, 


We do not offer a formal proof of lemma 12.6 which would have to 
begin by writing out such a proofchecker. By now, you should be aware that 
if the amount of "work" that is involved in evaluating a recursive function is 
bounded exponentially by the size of its argument, then it will be primitive 
recursive. 

In order to be able to assert meaningfully that Ata, we must make 
sure that the names used in @ have the meaning that we intend. We shall say 
that a sequence of lines as in a deduction determines @ if every name 
appearing in @ except for the basic names is totally defined in this sequence. 
Suppose A is the s-expression translation of a sequence that determines @. 
Then if there is Some s-expression # such that aproof[A:y, @*] is true, then 
we can reasonably assert that a has been proven. (The symbol ":'' means 
append, and yp is the continuation of a deduction that begins with A. a* is the 
s-expression translation of a.) 

The predicate aproof, or something similar to it, is what GUdel called 
"'the arithmetization of metamathematics", meaning that we can interpret an 
arithmetic fact, namely that the predicate aproof is true for certain arguments, 
as an assertion about the provability of some formula. 

The key to G&del's incompleteness theorem is that the arithmetization 
of metamathematics allows us to create a sentence which asserts ''I am not 
provable in arithmetic."’ If this formula is provable in arithmetic, then it is 
not true, and so arithmetic is capable of proving things that are false. If the 
formula is refutable in arithmetic, then if arithmetic is true, it is provable, 
and so again we have deduced something false. So if arithmetic is true in the 
sense that the standard model satisfies it, then it is incomplete, and this 


sentence is true but neither provable nor refutable. 


Theorem 12.7 (GUdel's Incompleteness Theorem) 


The system A is incomplete, in the sense that there is a formula B 
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such that neither AFB, nor Ar78, 
Proof: The primitive recursive function sabato is Betined as follows: 


subquote[x, y, z] © [atom[z] * [y = z * list{QUOTE, x], T * z], car[z] = 
QUOTE + z, T ~* sebeeoset™ y ese Tradkeworel ys edr[z}]] 
Let A be an s-expression translation of a determining. sequence for poeaee: 
append(:), and subquote, Consider the formula: . 


a; —4x(aproof[A:x, subquotely, Y, y]]) 
Its translation is the a leaned 


a*; (NOT (ESTs x (APROOF (APPEND (QuoTE A) Xx) 
(SUBQUOTE ¥ (QUOTE ¥) FR 


a@* is a genuine s-expression, and the only thing that prevents our writing it 
out in full is that we have not written a program tor proof, and then converted 
it into a sequence of primitive recursive definiHors in A. This would make 
the s-expression A perhaps two or tree sisuaee ais in length. 

Now consider’ the formulas: . 


A: -@x(aproof[A:x, subquotefe*, ¥, art]. 
Its translation is the s-expression: 


BX: (NOT (EXISTS X {APROOF (APPEND (QUOTE A) X) 
_ (SUBQUOTE (QUOTE, @*) {QUOTE Y¥) (QUOTE a*))))) 


B is a sentence containing the ground term subquate|a*, y, ax L This term. 
can be evaluated using the definition of subquote, and the value turns out to be 
the s-expression B*. Since subquote is primitive recursive, it is represent - 
able, and therefore Absubquotefa*, A, at] = = Be Then by replacement of . 
equal terms, we have: 


(*) AFB = 7dx(aprooffA:x, 8 ]) 


Now suppose that 8 as determined by A were provable in A. Then we 
could write out such a deduction, and code this deduction into an s-expression 
beginning with A, Call the tail of this deduction. Then since it is a valid 
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deduction, aproof[A:u, B*] would be true. Since aproof is primitive recursive 
and therefore expressible, this formula would also be provable, and from it 
and the formula (*) we could deduce =8. Therefore arithmetic would be 
inconsistent. 

Suppose on the other hand that ~B could be proven in A. Then we 
could prove 4x(aproof[A:x, B*] from this and (*). Assuming that the standard 
model satisfies arithmetic, there must be some s-expression # such that 
aproof[A:#, B*¥] is true. Translating A: back gives us a deduction of 8, so 
once again A would be inconsistent. 

Assuming that A is a consistent system, and that the standard model 
for the s-expressions satisfies A, then we must conclude that 8 is neither 


provable nor refutable from A. 


This proof mirrors accurately the construction used by GWdel in his 
proof which was for the theory of natural numbers in the language {=, 0, A +, x}. 
However, his reasoning about this construction was quite different because he 
did not assume that arithmetic was necessarily consistent, and since he was 
restricting himself to finitary mathematics, the concept of a standard model 
could not be used. What he proved was that either arithmetic is incomplete 
or else it is either inconsistent or at least w-inconsistent, which means that 
there is some formula @ such that AFdx(a), yet AFra(0/x), sa(0'/x), 
a(0'/x), etc. 

At first, one might think that this incompleteness theorem indicates 
that the theory A is too weak and should have some stronger axioms. For 
example, we might add 8 as an additional axiom, since it is true but 
unprovable from A. It turns out, however, that the incompleteness of 
arithmetic has nothing to do with this particular choice of a set of axioms. 
Any true, effective extension of A will also be incomplete. , 

To show this, let B be any true, effective extension of A. The 
effectiveness of B means that its axioms must at least be recursively enumer- 
able. From this, it follows that there is a primitive recursive predicate 
bproof[x, y] which is true if and only if x is a proof of y in the theory B. 
Bproof is expressible (in A) because it is primitive recursive. It is expres- 
sible in B because B is a consistent extension of A, and so the incompleteness 


proof can be repeated in B, generating a formula undecidable in B. 
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It is not even necessary to arithmetize deduction in order to show that 
arithmetic is incomplete. It is sufficient to arithmetize computation. 
Starting from the definition of apply, we define the function applyk([x, oP, } 
which has the property that if apply{x, y]= 2%, then there is a number Py such 
that if p > pp, then applyk([x, y, p] = list[z], but if Pp < Po: “then applyk[x, yop 1 = 
NIL. If apply{x, y] is undefined, then for all B. applyk[x, ys Pp] = NIL. One 
way to define applyk is to add an extra argument to. every subsidiary function 
of apply. Each time a function is called, this’ argument gets decremented. 

If it ever gets down to zero, then the computation is interrupted, and. the value 
is NIL. It is also necessary to modify every function so that all explicitly 
undefined conditions get checked out, and so that a value of NIL, gets referred 


to the top level of the computation promptly. 


Lemma 12.8 


Applyk is a primitive recursive function, 

Alternate Proof that Arithmetic is Incomplete: If arithmetic were . 
complete, then every. arithmetic predicate ; vould be expressible, and hence 
recursive. We know that the predicates halt and total, defined in Chapter: 
Five, are not recursive. They are, however,. mbithmetic because they can 
be defined by: | oe : 


halt{x, y] = Izdpapplyk{x,.y, p} = listf{*})" : “Rale X 
total{x] * ¥ydzdp(applyk{x, liatfy} pf = eer Rute X 


Therefore arithmetic is incomplete. 


Problem Set 32 


1. Let A be the theory of arithmetic rcqudiny ake. definitions of arpink 
and halt. Show that there is a finite set of axk ma, T.in A such that if T,and 
T, are ground terms containing no constants other, than.0, and no functions 
other than successor, enum and cons, then. if, halt[r, 7 zi is true, then y 
Trhalt[r, T, J. 


2, Show that first dvder logic is undecidable. (See: eopeliary 9.18.) 
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There are still further ways of demonstrating that arithmetic is 
incomplete, and each one illuminates a different aspect of the problem. 
G&del's proof and the proof of Tarski's theorem in Chapter Thirteen are 
related to Epimenides' paradox. Epimenides was a Cretan philosopher of 
the fifth century B.C. who pondered the truth of the assertion: ''This very 
sentence that Iam now speaking is a lie."' Epimenides was dimly 
remembered by the Apostle Paul who wrote the famous slander: "One of 
their very number, a prophet of their own said, 'Cretans are always liars, 
hurtful beasts, idle and lazy gluttons.''' (Epistle to Titus, I, 12) 

Another approach to incompleteness has been developed by [Chaitin] 
starting from what is known as Berry's paradox, which goes something like 
this: 'Consider the smallest number that takes at least one hundred words 
to describe." If we ignore for the moment the problem of what is a valid 
"description" of a number, it is evident that some very large numbers can be 
described in very few words; for example "one billion hyperexponentiated 
one billion times". Among all the possible descriptions for any number, 
there must be one or more having the least number of words. So associated 
with each number is a number which is the word count of its shortest 
description(s). The smallest number for which this count is at least one 
hundred is the number that is referred to in the quoted sentence above. Yet 
that sentence which has less than a hundred words "describes" the number in 
question. This is the paradox. 

Chaitin replaces the ambiguous concept of ''shortest description length 
in English" with the precise notion of "information theoretic complexity". 
The information theoretic complexity of an expression is the shortest 
instruction that can be given to a computer that will cause the computer to 
print out the expression in question. Obviously, the number one billion 
hyperexponentiated to the one billion is not very complex because a program 
to generate it is quite trivial. Information theoretic complexity does not 
consider the amount of time taken by the computer, or the amount of inter- 
mediate storage required, unlike the "complexity" of current complexity 
theory research, One may argue that the definition of information theoretic 
complexity is arbitrary because it depends on the choice of computer. This 


is true, but since any universal computer can simulate any other one, the 
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difference in complexity as measured by one computer and another cannot 
differ by more than a fixed constant, and this can be kept manageably small 
if the computers in question are of fairly ‘simple description themselves. 

Let us fix the definition of complexity more precisely. The function 
size[x], the number of characters required to print the s- -expression x, isa 
recursive function. We now define the complexity of an s- expression x as 
being the least size of any s- expression y such that applyly, NIL) =x, The 
complexity of the s-expression which is a list ‘of the first billion prime 
numbers is evidently quite moderate, because we can easily write a program 
to generate it, and cast this program in the form of a recursive function of no 
arguments. The complexity of a list of one billion random numbers would be 
large, however, somewhat the same order as the Bize of the list itself. The 
complexity of any s-expression cannot be more than slightly larger than its 
own size, because x can be generated by the function (FN () (QUOTE x). | 

The function complexity[x] can be defined in arithmetic using | Rule F 
because the following formula is provable. 


dn(dy(eizely] = nA Gp(applykfy, NIL, p} = list[x])) A Welsizels] 2 
n V ndp(applyk{z, NIL, p] = list[xp)) 


We are now in a position to formalize Berry's paradox. Let gin] be 
a recursive function that enumerates all theorems of arithmetic with applyk, 
size and complexity defined. G is not all that complex in itself. It must 
contain the deduction rules for first order logic, the axioms of arithmetic, 
the definition of applyk, and some enumeration ‘machinery. Consider the 
first formula in the enumeration g[0}, eft]. ee that is of the form 
complexity[a ]> 1, 000, 000, 000 for some s-expression a. If arithmetic is | 
true, @ cannot be generated by any program of moderate length, yet we have 
just described such a method which consists in enumerating the function g 
until we come to such a formula, This. process can easily be formalized into 
a function of no arguments. The only way out of the ‘contradiction is to assume 
that no formula of the form complexity[@] m1, 000, 000, 000 will ever be 
generated in the sequence g[0], g{1], . .. But this sequence contains all the 
provable formulas of arithmetic, and so the conclusion is that only finitely 
many formulas of the form complexityfa]}]> n are provable, and that n is not 
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much larger than the complexity of the enumeration process. This isa 
startlingly different way for arithmetic to be incomplete. 

. Chajtin's article is highly .readable,--and-relates. information theoretic 
complexity to the notion of ''random sequente"’ ias well:as. fami centage and: 
incompleteness. — wee Baas a 7 

It is sometimes: claimed that the various: s ceectaieasii and 
undecidabjlity resylts are not useful to the: computer programmer concerned 
with artificial intelligence or mechaniaal inference, dpecause:all these - 
theorems. are. based on, weird techniques that-berder on ‘paradox and-always 
inyolve. self-application | or: diagonalization... ‘One: never wanta: te do those . ~ 
particular things, anyways. dn any practigal situation. : al would argue that, on 
the contrary, self-application is precisely what one wants to do, because a 
system of deduction that can examine its own behavior is that much more —_ 
powerful. Chapter Thirteen is an examination of. this, very. question. By 
proving incompleteness in three different ways, I hope I have made the point 
that incompleteness is a result of the richness of logic, rather than indicating 


its impoverishment. 
e 


$12.4 Representability of Recursive Functions 


Let ~ be an n-ary total recursive function. Let 9* be the s-expres- 
sion transiation of a sequence of recursive definitions that computes ¢. The 


following formula contains exactly the variables x, thru xX, and y free: 


1 


Gp(Gz(applyk(p*, list[x,,...,x,]p] = y*z) 
¥m(m < p > atom[applyk(p*, list[x,,---.*,] p}})) Vv 
¥m(atom[applyk[o*, list[x,, -+22X,)m]] A y= Nit). 


Calling this formula @ for the moment, it is possible to prove 4 ya) 
within arithmetic. In fact, such a proof is completely independent of a 
definition of applyk and the s-expression @*, and depends only on the principle 
of any non-empty set of numbers having a least member... Either there is a 
least p such that applyk/p*, list[x,, Mews x, P] is non-atomic, in which case y 
is car of that value, or else the second part of the disjunct holds and y is NIL. 
Therefore, we can define the function » by Rule F, getting a(y[x,,...,%,]/y). 
This happens to be true for any s-expression 9*. If ¢* defines only a partial 


-147- 


function computationally, then the function-¢ defined in first order arithmetic 
is completed by. having the value NIL wherever: the computation does not '- 
produce a value. If @* is not.a procedure at all, » will still be a:gongtantly 
NIL function. But@-will not necessarily be computable, 

While there is no process that. always telis ws whether p* computes a 
total function, in each case where it does, @ will bé representable in arith- 
metic, for if, thrad. are any s~expressions; ther for some number p and 
some s-expression.@. ,, Arapplykip*, list{o,, é 2.0} pr = list? 11 ‘and for 
m <p, AFapplykip*, list(a,,....%,) mj = NIL; Therefore: 


Theorem 12.9: 


All total recursive functions are representable. 
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CHAPTER THIRTEEN 


METAMATHEMATICS 


Preview of Chapter Thirteen 


Given a formal system of deduction, a metamathematical statement is 
an assertion about the system, very often about the system as a whole. For 
example: (i) Arithmetic is consistent. (ii) Arithmetic is incomplete. 

(iii) The formula 8 cannot be deduced within the system. (iv) The formula y 
cannot be deduced within the system except by a deduction whose length is 
astronomically long. (v) The name LENGTH defines a function having an 
s-expression argument and a numerical value. (vi) Every formula of the 
type V§&(a~) > 4§&(a) is provable. (vii) Replacement of equal terms is a 
derived rule of inference. 

Metamathematical reasoning is the method by which we arrive at 
statements such as these. It is impossible in any practical sense to do 
without metamathematical reasoning, and in fact we have used it throughout 
the book. If we want a practical system of logical inference, it will be 
necessary to formalize at least part of metamathematical reasoning, and that 
is the purpose of this chapter. Much of it has to do with formalizing the 
semantic notion of "truth", just as in Chapter Twelve we formalized the 


syntactic property of ''provability". 


913.1 Truth and Tarski's Theorem 


We first define truth as a semantic or model theoretic concept, and 
then later in the chapter we shall make use of some axioms concerning truth. 
It is important to proceed in this order because it is only by having a clear 
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model-theoretic concept that we shall know that our axioms are reasonable. 

If a is a formula of arithmetic, all of whose function and predicate 
names are defined and total, then we shall define truth[@*] to be true if and 
only if @ is true. Defining neg{x]: to be list{NOT, x], either truth[a*] or 
truth[neg[a@* ]], but not both, must hold for any totally defined arithmetic 
formula a, because either Ska or Sa, -where S is the standard model of 
the s-expressions. 

We now make the important point that the predicate "truth" is not an 
arithmetic predicate. It lies outside of the system'A, and-if the formula a 
contains "truth" then @ is not an arithmetic formula, and the above discussion 
does not apply to @ atall. If "truth" were an arithmetic predicate, then it 
would be possible to establish Epimenides' paradox within arithmetic. This 
is known as Tarski's theorem. 


Theorem 13.1 (Tarski's Theorem) 

Arithmetic truth is not arithmetic. 
Proof: Suppose to the contrary that it ‘were possible ‘to define truth[x] within 
arithmetic such that if @ is any arithmetic formula, then Sta if and only if 
S Ltruth[a*]. Let 8 be the formula “atéuth{eubquotely, y, yi. Let y be the 
formula truth [subquote[p*, Y, B* jh. “Then y = ~itruth}y* ], so Sty if and only 
if S-4truth[y*] if and only if S$truth{negf>*]] if and only if SE-y. 


Because Ska if and only if Sktruth[a*] is true only for arithmetic 
formulas, it becomes necessary to express the predicate "a* is arithmetic" 
itself within arithmetic. If we did not have definitions, the problem would be 
easy. An arithmetic formula would be one whose function and predicate 
names are only the basic ones. But since we do allow definitions, the prob- 
lem is administratively more complicated, altheugh-not Conceptually so. 

An administrative function is a function.that: makes certain system 
information available within the system. These functions are not charged 
with the semantics of “truth", -and so we may consider them: to be ordinary 
arithmetic functions, They tell us what has been written down in the system 
so far. The only administrative function that we need now is defn[x]. If x 
is a name that has been defined by any of the definition rules or primitive 
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recursion schemas, then defn[x] is a list of the name of the rule, and the 
lines of the definition itself. For example, defn[PLUS] might be 

((SCHEMA C) (EQUAL (PLUS M 0) M) (EQUAL (PLUS M (ADD1 N)) (ADD1 
(PLUS MN)))). It is evident that starting with a certain amount of initial 
knowledge, and the information obtained from defn, the history of any function 
name can be investigated, and various determinations made, such as that it is 
total, primitive recursive, etc. In particular, if the history of definition 
does not include TRUTH, then it is arithmetic. From this, we can define the 
predicate arith[x] which is true if and only if x is a* for some well-formed 
arithmetic formula a. Arith itself is total, arithmetic, and computable. 

We now postulate the following formal metamathematical axioms which 
are justified because they are true, that is, they are satisfied by the model 
which is the standard model for the s-expressions enlarged (non-conservatively) 
by interpreting the predicate truth[x] to be true if x is a@* where @ is a true 
arithmetic formula, and false if x is @* and @ is a false arithmetic formula, 
and leaving truth[x] unspecified for all other x. Notice that none of these 


axioms make any assertion about truth[x] unless arith[x] is true. 


M1: Semantic Completeness and Consistency of Arithmetic 
arith[x] > (truth[x] = ~truth(neg[x]]) 


M2: Validity of the Axioms of Logic 
arith[x] > taut[{x] > truth[x] 
arith[x] > qi[x] > truth[x] 
arith[x] > q2[x] > truth[x] 


M3: Validity of the Rules of Inference of Logic 
arith[y] > mp[x, y, z] > truth[x] > truth[y] > truth[z] 
arith[x] > q3[x, y] > truth[x] > truth[y] 
arith[x] > q4[x, y] > truth[x] > truth[y] 


M4: Truth of the Axioms of Arithmetic 
arith[x] > ax[x] > truth[x] 
where ax[x] is true if x is a* for some formula @ 
which is an axiom or instance of an axiom schema 
in Group A, B, D, For G, 
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arith[x] > ninduct{x]-> truth[x] | 

arith[x] > sinductfx}© truth(x) 
where those prédicates sasevt aut x‘is an instance 
of B4 or D3, respectively: ee ES 


M5: Truth of Formulas Introduced as Definitions 
arith(x) > Tyl member|x, edr[defn(y]]D 2 truth[x] 
If x is a* for a formula @ introduced by, some 
definition or primitive recursion schema, then it 
isa member of defn of the name that was defined. 
(Car of thie list is the name of t the schema, » 


M6: Truth of the Predicate Truth _ 
arith[a*] > (a. # tryuth[a*)). 
This is an axiom schema which. cannot: be.represented | 
in the present system as :9. single axiom. 


Schema M6 is at the very center of the notion'of fornial metamathe- 
matics. It is bidirectional. First it allows thet {if we’dan assert some 
formula @ then we can assert that a is true. In the other by abiaeusy) it allows 
us to pass from the assertion that aa is true te @ ‘Westie. 


§13.2 Metamathematical Deduction 

Let us modify the primitive recursive function aproof|[x, y} slightly by 
requiring that any definitions occurring in x be consistent with the system A, 
We can now do this by using ‘defn. This allows us to dispense with the 
nuisance of the determining sequence A used in Chapter Twelve. It is now 
possible to prove by induction on the length of the deduction ys 


(**) arith[x] > > dy(aproof ly. x) 2 truth(x] 


The formula 8B of theorem 12. 7 cannot be.deduced. within the system A, 
but at the time that we proved this,, we argued metamathematically that B was 
true. We can formalize this argument as. follows: is 


(1) 1. —8 Assume 
2. 8B = -7%x(aproof{x, A* }) _ This is provable in A. 
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3. arith[A*] Also provable in A. 


(1) 4, dx(aproof([x, B*]) Prop 1,2 
(1) 5. truth[B*] | -.. Instance of **, 3 and 4, 
(1) 6 8B M6 5. . 
y 7. B28 | Discharge 6, 1 
-8. 8B Prop 7 


This shows that formal metamathematics allows us to prove some 
formulas of A that are not provable in A, ..However, it. does not allow us to 
complete A, Halt and total are still not recursive, . since. the notion of 
recursiveness is absolute and therefore not dependent on one's choice of an 
axiom system. No formula of the sort complexity[@ ] 1 000, 000, 000 can be 
proven in formal metamathematics, or in any truthful system whose axioms 
can be enumerated by a function of feasible complexity. . 

The following extreme case shows that there are ‘formulas having 
proofs of unfeasible length in arithmetic that have feasible proofs in meta- 
mathematics. Consider the formulas: 


10 


@: —74x(size[x]< 10°" A aproatla: subquotely, Y,y])) 


B: —7x(size[x] < 102° A aproof[x, subquote(a*, Y, oy) 


B asserts that there is no proof of 8 (in arithmetic) of. feasible length. If 
there were, arithmetic would be untrue, and so we may assume that there is 
no such proof, fis therefore true. Unlike. the formula 8 of theorem | 12. q, 
however, this one is provable in A, Let 9, coe 2, be an enumeration of the 


9}° For each i, 


finitely many s-expressions whose size is less ‘hen 1 
Atnaprooffs,, 8*]. From all of these results, and the assertion that this list 
is complete, it is possible to prove B because the existential quantifier is 
bounded, Of course such a proof is much larger than 1019 in size. 

The metamathematical proof of B is so similar to the preceding proof 
that we do not even need to write it down. 

Theorem schemas are metamathematical oe tak that occur very 
commonly, We do not want to have to write out a deduction for each instance 
of a schema that occurs frequently. Consider the least number schema which 
is: = ie a : 

In(a) > Ina A Vua(v/n)>v zn) ge 
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This is true for any well-formed formula:a, any numeric variable 7, and any 
numeric variable ¥ which is free for 7 ina. The assertion that all instances 
of this schema are provable is not even metamathematical. i is: . 


Zyeantwtfiy A numvar[(z] 4 numvar[w] 4 snull [sub/list[w, z,y}] 4 
= list{IMPLIES, HstfE XIST, z, y], list{EXISTS, z, list{AND, y, 
enone: w, list{IMPLIES, ‘subflist(w, zh yL list{GTQ, w 
2])]1)) > dulaprooffu, x) . 


where sub is defined in problem set 22, No.1. Let us abbreviate this to 
Inp[x] > dy(aproofly, x), where Anp stands for least number principle. This 
formula is provable by formalizing a deduction schema for this theorem 
schema, It is tedious work, and one first has to deal with some properties 
of substitutivity. But having done thie, we can then deduce from (**) the 
formula: 7 

arithix] > Inp[x} > truth[x] 


The advantage of having this formula is that given any arithmetic formula @ 
such that Inp{a*} is ‘provable, we can derive @ itself from M6. Lnp is a 
simple primitive recursive formula that inérely tests its argament to see if 
it has a certain format. Lnp is called @ thedrem schema, © In general, a 
theorem schema is any unary predicate # such that: oe 7 


arith(x] > ofx] > truth[x] 7 
has been proven, and an inference schema is:any ntl-ary predicate »: such» 
that: . : ans 

arith(x, ] 2.4.2 arith(x 4) }> truth[x, ]> vis > truth[x,] 2 

vIx,, veer Xnay ]> truth(x,,,] 
has been proven. 

Metamathematics allows us to demonstrate, that.a predicate defined in 
arithmetic is a theorem schema or inference. achema, This solves half of 
the problem of reducing deduction to computation in routine eee | The 
other half of the problem is to prove that the predicate defined in the ‘logical 
theory is the same as the predicate computed by some procedure ina 
programming language. When this has been established, we can then compile 
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the procedure, knowing that it is a valid addition to our collection of proof 
techniques. Theoretical results relevant to this problem are presented in 
Chapter Fourteen. 


Problem Set 33 


1. Show that @ = truth{@*] where @ is any formula is an inconsistent 
schema, 

2. Using (**) and M1 thru M6, De an airthmetic formula asserting 
that arithmetic is consistent. 

3. Why is M4 necessary to the proof of («x) even though each ground 
instance of M4 can be deduced from M6? 


$13.3 The Hierarchy of Truth 


The notion of truth in the system we have seus described can be 
formalized by means of a predicate truth1[x] which. is, outeside that system. 
This leads to a hierarchy of truth functions, each of. which can reason meta- 
mathematically on the systems below it... It is poasible.to define a predicate 
truth[x, r] where r is a rank number, and.to axiomatize truth so that at each 
rank the truth of formulas of lesser rank.can be discugged, . An arithmetic 
formula is of rank 0, and any formula in which all occurrences of truth are | 
of the form truth[...,n] where nis a number is of rankn+1, If a formula 
contains truth[x, y], where y is anything other than.a number, then the 
formula is outside the rank system, and cannot.be discussed on any level. It 
is natural at this point to extend this idea even further by letting the second 
argument of truth be any ordinal number. This. creates‘a whole new situation. 
It is not clear how much of this hierarchy is. actually. useful, but it would seem 
that having at least several levels of it are. 
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CHAPTER FOURTEEN _ 
THE RECURSION THEOREM 


Preview of Chapter Fourteen 

The purpose of this chapter is to relate functions described by 
procedures, which are, in general, parti] recar#ive functions, with descrip- 
tions of functions in first order writhmetic. -We need to do this in order to 
prove theorems about procedures, and in ordér to find procettares for com- 
puting functions that have been defined logicatly. Orie example of the latter 
is the problem of computing a fonction which hee: “pein ‘proven to be a theorem 
schema or inference schema by the methods ‘butiined tn ‘Chapter "Thirteen. 

The recursion theorem is & basic result di tetufsive Panction theory. 
Its relevance to these -probtems has been reccgnited by Pesedrchers in the 
semantics of programming languages, 2 ‘Complex subject Which we do not even 
approach except for the very trivial “languhgs of tecursive furictions" as 
specified in Chapter Two. Res¢arch ih this area, ranging from abstract 
topology to detailed semantic des¢riptions of ALIGOL 60; is being done by 
[Scott], [Strachey] and others in the Oxford Programming Research Group, 
and [Milner], [Newry], [Igorashi] and others at the Stanford Artificial Intelli- 
gence Laboratory. 


$14.1 The Nature of the Problem 


In Chapter Twelve we describe a correspondence between procedures 
and formulas of first order arithmetic for the special case of primitive 
recursive functions. It is easy to generalize this syntactic correspondence, 
but not immediately useful because of preblema of consistency. 
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Consider a recursive definition having the general form: 


P[E;.--+58) Jee 


It can be converted into a set of formulas of first order arithmetic by replac- 
ing the "+" with "=", and then applying the distributive rule of conditional 
forms, and the conversion of conditional forms into logical formulas, des- 
cribed below, until there are no more conditional forms. ' Since every part 
of the language of recursive functions except for the conditional is part of the 
language of logic, the result must be a set of formulas of logic. . 


Distributive Rule for Conditional Forms: 


Transform 9[..., [m, é oe i + eho ‘ 1 into "+ 
Olewag were Listas 7 ie €) eos 1 where @ is any function 
or predicate name, including "=". 


Conversion of Conditionals into Logical Formulas 


When the conditional form [", iad Gress 7 + el) is not a 
sub-form (i.e., when it is on the outside), transform it into 
the sequence of formulas: | 

1, >€ 


es | 
2". > 
Ta ee 
> 7 
ae , Mya > Ps i 


When the conditional form is on the outside of. everything 
except for logical connectives, transform it into, the. conjunc- 
tion of the formulas of this schema. 


Example 
subst{x, y, 2] © [atom[{z] * [y = z *x, Tz], T’* subst[x, y, 
cartel eupetie y, cdr[z]]] 
becomes 
atom[z] > ((y = z > subst[x, y,z]=x) Ady A 2 > subst[x, y, z]=2z)) 
~atom[z] > subst[x, y, z] = subst[x, y, car(s]}* subet{x, y, cdr[z }] 
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Unfortunately, there is no justification for changing "«" into "=". A 
procedure cannot be inconsistent; it can at worst not produce a value, or 
produce a value not anticipated. The assertion. that the left half is equal to — 
the right half may be logically inconsistent, There are three situations that 
may arise from a recursive definition; it may over- nn under-define, or — 
exactly define a function. : ; 

Case I: If a recursive ‘definition defines a ‘total function, then the 
transformation into logic produces a set of formulas that represents the 
function. Subst is an example of this. The function subst computed by the 
recursive Genaitios 4s the same as the function represented by the two 
formulas. . 

Case II; The recursive definition is under-defined. In this case, the 
function computed by the recursive definition is partial, and there are more 
than one completions of the function thet are model enlargements satisfying 
the formulas, Consider: 

f[n] + f[n + 1] 

ffn,m]¢fim,n] 
Both of these definitions compute totally undefined functions. The first is 
satisfied by any constant function; the second is satisfied ey any commutative 
function (on the natural numbers), : 

Case IH: The recursive definition is over- -defined. In this case, the 
function computed by the recursive definition is partial, and there are no 
_ completions of it that satisfy the formulas, There are no model enlarge- 
ments, and the system is inconsistent. An example is the definition: 


f[n] + f[n]+ 1 


As a procedure, it does not converge... As an assertion, f[n] = f[n]+ 1 is 
inconsistent. = 

Combinations of Cases I and Hi also occur. 

The last example is extreme, but there is no general method for 
deciding which recursive definittons are over-determined. ‘Nor can we 
regard them as undesirable. The definition of apply given in $2.4 is over- 
defined, and there is no way to avoid this. . 

In $12.4, we proved that all total recursive functions are represent- 
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able, although we cannot always decide what is a total recursive function. 
Suppose we call a partial function Qo partially nepr csentable if it is possible 
to define a function name ¢ in arithmetic Such that if ota, Pee 0. ) is defined 


and has the value o nt? then Atgyfo,,... 1, js Onet? 


Theorem 14.1 


All partial recursive functions are partially representable. 
Proof: This is implicit in the proof of theorem 12.9. The representing 
function described in that proof has the value NIL for those arguments for 
which the partial recursive function is undefined, but it may not be possible 
to compute this NIL. 


This method of representation is indirect, depending on the definition 
of an interpreter function applyk which itself is fairly complicated, The 
recursion theorem which follows is relevant to obtaining a direct transforma- 
tion of a recursive definition into arithmetic, without the danger of inconsis-' 
tency, and in a manner that allows us to prove logical assertions about the 
procedure itself. —_ 


Problem 34 


Show that apply is over-determined, 


814.2 The Recursion Theorem 


The notation that we use here folows [Scott] in his work on lattice 
theory and programming languages, although we do not actually define a 
lattice. 

We introduce an object "1" called "bottom" or "undefined". Letting 
, is the set Su {1}. The symbol "£" 
meaning "is less than or equally defined than" is a binary operator on Ss; 


S be the set of s-expressions, 5S 


defined by: 1£1, 12a, and aw a wherew is any bag riicaea "e" isa 
partial ordering. ; _ 

The notion of equality on the domain s, will be represented by the 
symbol "=", The symbol "=" will mean corapatadionel equality. "="' is not 
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a eeeoutabis predicate, The two equalities can be wompercd ‘in the following . 
table, where @ and 8 are distinct s-expressions: 


c d c=d c@#d 
a @ T T 
aoe 8 F F 
a re i F 
re a 4 F 
- 4 1 T 


The predicates atom, name and num, and the functions cons are 
extended to the domain S, in the same manmer us “") by defining the value 
to be 1 if any argument is 1. The fonctions eum, successor, predécessor, 
car and cdr are also extended to 3, by defining the value to be 1 if the argu- 
ment is 1 or if the value is: sist -teteved, ‘ei gey ‘eaetthfA] «25 and car[A] = 2. 

A function @ is calied monotonic if 4, iB, fori sien ‘implies that 
ola Apres a, = e(b,, busy B 1”? for all a, and b, a S,- The basic functions 
mentioned in the preceding paragraph are all Secpectanae: 

. The ordering "&" extends to functions by Kaieies mee: if'for all a, 
thru a in S,- P,(a,, ore n= G5 (8, > 0. oe i aly a 

" Let {a,} be an infinite sequence of sisciente of s,. It isa monotonic 
sequence if a; a; for i<j, A sequence of functions: fe] (all having the 
same nomber of arguments) is a | monotonic quence if g, =O; % for i<j. An 
upper bound fora sequence is an object such. that any member of the sequence 
is""toit. A least upper r bound fora sequence is an n Upper ‘bound that is 
"" to any other upper bound, — 


Corollary 14,2 

Every monotonic. sequence a a. nak user pe heend: _If-each function 
in the monotonic sequence @, } is itself a monotonic function, then ‘the lub of 
the sequence is also a eacastnie function... 


A functional is a function that takes functions as arguments, i.e., it 
has one or more domains that are themselves function spaces, The notation 
for functionals is a bit cumbersome. When we write ®[S) ~S 1) 3° Sys we 
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mean that ® is a functional whose first argument is an n-ary function on Si 
whose 2nd thru n+1-th arguments are members of Si and whose value is in 
Sy. More complex possibilities exist, but this particular type of functional 
will be the only kind that we need to discuss here. Functionals can be 
monotonic in the same way functions are, since all their argument and value 
domains are partially ordered. 

If @ is a monotonic functional of the type mentioned above, and o.} is 


a monotonic sequence of n-ary functions, anda, thru a, area fixed set of 


1 
elements of Sie then {Me,, Apreees a) is a monotonic sequence in Ss. and 
therefore has a least upper bound, The functional ®is said to be continuous 
if it is monotonic, and if for every monotonic sequence J, and every choice 


of a, in Sy: 


lub{@,, Ayreees a) = O(lub{y,}, Ayreces a.) 


A fixpoint for the functional is a function @ such that for every choice 


of a, thru a, in Si O(c, Apress a) os o(a,, Seles ay): A least fixpoint for ® is 
a fixpoint which is "&" to any other fixpoint. 


Theorem 14. 3 (Fixpoint Theorem) 


If ® is a continuous functional having one n-ary functional argument, 
and n ordinary arguments, then it has a least fixpoint which is monotonic. 
Proof: Define Po by letting Pola, aay a) = 14 for all a. Define 9 
letting o 


n+1 by 
n+1 7 say a) = eo, Ayreees a) We can show by induction that 
the sequence (,} is monotonic because Pp=E%y> and if FOr? then 
=e Cc 2s 

Pray er a.) p. Ayoeees a JES p Ayreees a.) Prego nated a) 
SOP. ,,;S%,49° Let@ be the lub of the sequence (o,}. Because ® is contin- 
moans By, ay e@eeop a.) = lub{@@,, aie oeoagy as = lubfy,(a,, eeeysp at vr, 
pla,, wares a.) So ¢ is a fixpoint for ® Now let ~ be any other fixpoint of ®. 

: ou i—4 
Po £y, and if =4, then P41 (Fy oeoes a.) =o ey, nae eeoep a J=ay, ay aeegs 
a) = va,, sg Se ane or Pn EP By induction, ose for all i, and so # is an 
upper bound for 3. Since @ is the lub of oJ, yy, and so®@ is the least 
fixpoint of ®. » is a monotonic function because if a= bs then pla,, Saas 


= = oe 
a) Py, Apreces a JEP, Dyreees b,) p(b,, uae b,). 
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This proof of the fixpoint theorem has been an exercise in abstract 
algebra; it uses no properties of Ss, other than that s is a partially ordered 
set having a least element, and such that every monotonic sequence has a 
lub. But the notions of monotonic and continuous are surprisingly useful in 
the theory of computation. We have already noted that the basic functions of 
computation are monotonic. In fact, any partial recursive function is mono- 
tonic because that simply means that supplying more information about the 
arguments of the function does not decrease the possibility that the function 
has a value. 

Let g be a partial recursive function on S. We extend it to be a total 
function on Ss, by letting the value be 4 wherever the value was previously 
undefined. @ may also have 1 as an argument, in which case the value will 
be 1 unless the argument is not needed in the computational process, and a 
value is obtained without it. By Church's thesis, there is an effective 
procedure that computes the value of @ whenever it is an s-expression, but 
may never terminate if the value isi. Let ?; be the function such that 
9 (a), saved a.) is defined by doing i amount of work on the computation of 
pla,, es ay) and returning the value if one is obtained, and being undefined ' 
otherwise, The sequence (y,} is not uniquely determined unless we fix a 
particular procedure for computing ¢, and specify an exact definition of work. 
But by merely postulating that every computation requires some finite amount 
of work, we see that every such sequence has ¢ as its lub. 

Let O(y, Ayreees a.) be a functional. We would like to call ® partial 
recursive if there is an effective procedure for computing it. But this 
requires that we specify how this procedure is to be given functions as argu- 
ments. If@ is a partial recursive function, then the problem is simplified. 
We simply give to the procedure @ a procedure that computes ¢, and require 
that the value be independent of which procedure for ~ is used. But we do 
not wish to restrict the argument 9 of ® to partial recursive functions only. 

So we invent the notion of an oracle which is like a black box, or an on-line 
intervention in a computational process, 

The purpose of an oracle is to simulate the effect of a partial 
recursive function even when it is not. A black box that gives the value of 
oa), re a,) when it is defined, and replies '1'' when it is not defined does too 
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much, because when a recursive process does not terminate we are not 
generally told that; we simply wait for ever. On the other hand, a black box 
which gives the value of p(a,,...,a,) when it is defined, and hangs up forever 
if it is not defined, is insufficient, because we can run any process fora 
certain amount of time to see if it produces a value within that time. A 
workable idea is to make use of the notion of a function | as alimit. So, given 
the function 9, let @, } be’ any sequence of functions whose lubis gy. Then an 
oracle for 4 isa Bigek box that when interrogated : about te owe i) for 
particular i, either produces a value or replies a as 

We now define a partial recursive functional Op, a Ayreeeea a asa 
functional for which there is an effective procedure which compdtes its value 
when given the arguments a,, and an oracle for. If the value of @is "1", 


_then the procedure is permitted not to terminate. Implicit in the idea that 


@ is a function of g, and not of the particular oracle ‘chosen to represent 9, is 
the requirement that the value of the computation is independent of the choice 
of oracle for ~. 


Lemma 14.4 
All partial recursive functionals are continuous. 


Proof: The symbol "1" never enters into an effective procedure. It is used 
in discussions about effective procedures to mean that information is not 
available. A procedure can never contain if x=, then...". This is 
sufficient to make all effective procedures monotonic. ; Now let a, thru an 


1 


be a particular choice of objects in S,, and let ; } be any monotonic sequence. 


1 
In the following discussion (9, a Aprreeed *) is abbreviated to (9). 

Let © be the lub of the sequence , If @) 4, then Pp, )= 1 for 
each i, since ®is monotonic. So lub{@(; ye =O). If O(~)= a eke @ is 


an s-expression, then since this Sotngutanan is independent of the oracle used 


lone way to be sure that the procedure does not act-on the information "this 
argument is undefined" is to replace each individual argument with an oracle _ 


for a constant ‘function $[] based on a sequence fe; }. This sequence either 
produces the argument for some i, or it never does, and the argument is 
"1". In other words, the procedure has to work to obtain each argument, 


and it can never know if or when it will get the argument until it Peete it. 
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for ~, we can let the oracle be based on the sequence ,; }. "Because a was. 
computed by an effective procedure, it can only have interrogated the oracle 

a finite number of times. Let Oy, be the highest function in the sequence fy, } 
that was used. Consider the computation ‘of 6, ) where yi is represented by 
an oracle using the sequence beginning with et ‘thru Oy and then. being Py, . 
from there on. This computation must proceed exactly like the previous éne, - 
because no function with an index greater than k will ever be interrogated. 

So @(¢) = (0, )E 1ublOle,)} Sep) and 80 @ts ‘continuous, - 


Theorem 14.5 (Kleene's Recursion Theorem) _ . . oo 


Every partial recursive, functional bance lenst firpotat which isa 
partial recursive function. eae : oe 
Proof: By lemma 14. 4, if @ is ariai recursive, it is continuous. By 
theorem 14, 3, it then has a least fixpointo. To show that ¢ is partial 
recursive, consider the sequence {p,} in the proof of theorem 14.3 of which? 
is the lub, Po is partial recursive because it is repr resented by the process 
that never produces a value. Suppose #_ ‘is partial Fecursive, Then 9 ntl is 
partial recursive because @ nt1Ay° Paay *, nya "Ste wey 00 4)), ‘and ‘there: are 
effective procedures for'@_ and @, By anduetion. Veit tive %; ‘ake partial 
recursive, and so@ is: partial reeursivé ee it fe sompated by the 
procedure that tries all the P;- i 3 


914.3 Applicevion of the Recursion heorem* 


, Consider a recursive “definition: 
¢{5. ; ha oaen ¢. nl © €. 


where €has no free variables other than the oe _and every function and 
predicate name in «, except for ¢, is already défined gad | partial recursive, 
Then €is a partial recursive functional. becayse.it apecifies @ computation 
depending on the functional argurrient ?, and the 'sexpression arguments ae 
thru § . Furthermore,. if! Melt is. replaced hy Um, ‘hen we have the a ccint 
eadaticn for this functional. 

Unfortunately, the situation gets a bit messy here because there are 


# 


various semantics that one can propose for the language of recursive 
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definitions. The choice of semantics will determine what functional 

* (9, Sy fates a) is specified by the form €. We shall briefly consider two of 
them here: o is the functional specified by the LISP semantics described in 
Chapter Two. ® is the functional specified by the complete semantics, that 
, is, the semantics that computes as much as is poseible from the information 
‘sf available in€. The two semantics never produce conflicting values, but ee. 
may produce a value where o fails to do so, that. is, @. = ce . There aces 
two significant differences between the two: 

I: LISP evaluation uses call by value. This sometimes gets hung up 
because all arguments for a function must be pre~evaluated, even if they are 
not needed for its computation. For example, the definition: 


f{m,n]¢:[m=0%1,T *f[m - 1, f[m,n]]] 


computes in LISP a function that is 1 if m is 0, and is otherwise undefined. 
But the complete semantics uses call by name, which does not attempt to 
evaluate the inner f[m,n], and so does not get into an endless cycle. It 
computes the function which is 1 for all numeric arguments. _ This problem 
is discussed thoroughly in [Vuillemin]. | 
II: LISP semantics specifies a left- ~to- right order of evaluation for 
conditionals and logical operators. For example, the definition: 


f[n] + [f{n} = 071, T +1] 


computes the totally undefined function in LISP, but the constant function 
f[n] = 1 in the complete semantics, = 

In LISP, the form q v & 

« has no value, then the expression is undefined. . In the ‘complete semantics, 

the expression is true if either branch is true. This point can be stated by 


means of the three valued truth tables for the operation yn, | keeping in mind 


is evaluated by first evaluating «- If ¢ 


« that the interpretation of min is "information not available", OF "value 
unknown", (See tables at top of next page. ) 7 
Both of these tables are monotonic, a necessity for them to be com- 
putable. We might call the first one "weak", and the second "strong" or — 
"symmetric". We have chosen the word “complete” : because of the property — 


of semantic completeness which is the same as in logic. (From B we can 
deduce A V B without having to prove that A is true or eae) The strong 
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truth tables are discussed in [Kleene, $64] in commection with partial recursive 
functions. His term for "monotonic" is "regular". 

Let us examine some recursive functionals and their fixpoints taken 
from [Manna and Vuillemin]. Consider the functional: | 


#(p, a,b) is [a= b + b+1, T + ole,efa-1,b+ 110 


A fixpoint for @ is a function ~ such that g(a, b) = ow, a, b) for every choice of 

a and b in S,. "+" and "'-" are functions that are undefined for non-numerical 
arguments, ioe if the result of subtraction is negative. _ The nature of "eel" is 
such that for the equation to be true, both sides must be the same number, or 
both must be undefined. Notice, also, that "= "2" used in the conditional 
expression is undefined if either argument is undefined. We now specify 
three functions, each of which is a fixpoint of @: 


ee rote 


@,; atl 
@,: ifa2b thena+ 1 else’b- 1 
%.: ifa 2b anda - bis even, then a+1 
else not defined 
A certain amount of investigation will convince one that each of these is a fix- 
point. It can also be shown that P, @, and @, Po. P3 is in fact the least 
fixpoint of 9. 
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So begetai 


We now extend the theory A of Chapter Eleven to be a theory A, about 
the model Ss, which is the s-expressions with the added object "1", and the 
definitions of the basic functions extended. appropriately. However, we shall 
not use "1", "&" or "=" anywhere in the language of the Serr because they 
are not computable. 

The variables beginning with r thru z range over s-expressions, while 
variables beginning with a, b and c range over Bie The axioms of group H 
are now needed because we admit to the possibility of their‘being something 
that is aot an s-expression. In this theory, list[x}# x-is-a theorem, but 
list[a] # a is not, because of the counter-example cons{1, NIL] = 1. 

. Specifically, we have axiomatized the theory. of s-expressions so as to 
admit the possibility that there might be things that are not s-expressions. 
But we have not axiomatized s, particularly; . we simply note that S, is one 
model that satisfies the theory A, : 

Consider the recursive definition f{a}« f[a]+ 1. Its least fixpoint is 
the totally undefined function. Since this is a "total" function on the domain 
Sy the equation f[a] = f[a] + 1 is satisfiable in Si and no inconsistency 

results from it. The instantiation f[3] = f{3}+ 1 is satisfied because 

121+ 1, and "=" approximates ''*"' to the extent:thatit:is:computable. One 

cannot derive 0 = 1 from this formula, because if we start from the theorem 

m=m+1->0 = 1 (which is. provable), we find that replacing m with f([3] is 
not a valid substitution because f[3] is not a numeric typed term. 
Partial Recursion Schema 
If g is a new name, then the transformation of the recursive 

definition e[x,, cues x,,] ¢ € into a set of formulas of A, may be 

used as a definition for 9. 

Not only is this rule consistent, but it makes all partial recursive 
functions partially representable, and all total recursive functions represent- 
able ina direct manner, We present the following theorem without proof 


because there is too much detail that we have nat completed: it is not difficult 
conceptually. 


Theorem 14.6 (Partial Repregentation) 


Let the function name @ be defined in A, ay the partial recursion 
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schema, where all the other function and predicate names in the schema are 
already defined and (partially) representable. Then 9G, eos 0.) = Ol’ 
where @ is the least fixpoint of €in the complete semantics, if and only if 
A, relc,. ci 0] = Catt’ 

This theorem is the justification for the 'completeness" of this 
particular choice of semantics. 

If a function g has been defined by the partial recursion schema, we 
may be able to demonstrate that it is a total recursive function by proving the 
formula dy(o[x,, eee X] = y). This also allows us to assert that the function 
y is a well-typed s-expression valued function. Other totality and type 
information may be developed similarly, One may be able to prove 
di [x,m] =n), which types 9 as a total numeric-valued function having an 
s-expression argument and a numeric argument. If one can prove 
~[x] > dy(p[x] = y), then one has shown that 9 is defined at least for those 
values where #[x] is true. 

It is not possible to prove the totality of all total recursive functions 
in this manner, since this would make "total" recursively enumerable. But 
it is possible in many cases. In particular, it is always possible to prove 
that primitive recursive definitions define total recursive functions. (The 
argument is by induction. ) 

One word of caution on this schema, The model Ss, introduces "1" 
into the domain, but nat into the logic itself. The model is still a model of 
standard two-valued first order logic. So while the recursion schema permits 
replacement of "«" with "=", it would be inconsistent to replace "+" with "S", 
p[x] = 4p[x] is inconsistent in the present system, although one could develop 
a three-valued logic, 

The recursion theorem can be stated in a multi-dimensional form 
which is that given the set of equations: 


%,,, ee Py, Sy wees as? = 0 4'* i Pere *n,? 


®(Y,, ee had $y. aes §. 


alk io nea 6.) 


"k 
where the e are partial recursive, there is a set of least fixpoints %, thru a 
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which are partial recursive. This conveniently corresponds to the program- 
mer's habit of defining recursive functions in interdependent batches. The 
partial recursion schema may be extended to permit this. 


Problem Set 35 


1. Investigate the work of Vuillemin, and the Oxford Group, to see 
how the recursion theorem is used in the study of the semantics of program- 
ming languages. How do they deal with the problem of the computed function 
of LISP and ALGOL being less than the semantically complete fixpoint? 

2. Extend the syntax of first order logic to allow conditionals used 
either as logical connectives, or choice functions within terms, so that con- 
ditionals can be nested inside each other. Add transformation rules that are 
consistent, and make this logic complete semantically. Theorem 14.6 is 
now trivial to prove. on ee 
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CHAPTER FIFTEEN . 
SECOND ORDER ARITHMETIC AND SET THEORY 


915.1 Second Order Arithmetic 


Starting with the system A presented in Chapter Twelve, we can 
develop a second order theory of s-expressions. The model for this theory | 
has as its domain the set S U {s}, i.e., there will be both s-expressions and 
sets of s-expressions in the domain, Set variables will begin with a capital 
R, Sor T, and be followed by at least one lower case letter. 

The basic predicate of set theory is membership. In second order 
arithmetic, things that are members are s-expressions, and things that have 


members are sets. So: 
a € b > (sexpr{a] A set[b]) 
The principle of extensionality is that two sets are equal if they have 
the same members: 
EXT: Yx(x € Sa = x € Sb) > Sa = Sb 


The principle of comprehension is that there is a set to correspond to 
every property definable in the theory, or: 


COMP: dGSav¥x(x € Sa = a) 


where q@ is any formula not having the variable Sa free. 

From the extensionality axiom, one can prove that the existential 
quantifier in the comprehension axiom schema is unique, i.e., T  Savx(x € Sa= 
a). 

The induction axiom schemas of first order arithmetic can be replaced 


by single formulas in second order arithmetic: 
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NIND: 0 € Sa> n(n € Sa >n’€ Sa) > Yn(n € Sa) 
SIND: Vx(atom[x] > x € Sa) > Vacly(xx € Sa>y € Sa> x*y € 3) =) 
» Wa(x € Sa) 

Together with the axioms of A, these are the axioms for second order arith- 
metic, A, foo 

We can define certain classes of sets, and even ‘given them special 
variable types that are sub-types of the type ' 'get". The most obvious one is 
the set of numbers. We define. the type "nset'' by: 


nset[Sa] = ¥x(x € Sa > nym[x]). 


Variables of type ''nset" will start with a capital N, such as Na, Nb, etc. - 

The least number principle can he stated, asa single axiom: | 

Gn(n €: Na) > Gn(n € Ne A ¥ma(m € Na n s.m)) 

First order functions and predicates tan be represented as individual 
sets in second order arithmetic. If J isd ri-ary predicate on the s- expres - 
sions, then it is represented by the set containing orily' lists’ of length m, and 
such that listo), ...,0,,] is.a member of the set if and-only if He, ...40,) is 
true. Ifo is an n-ary function on 8- expressions, then. it is represented bya 
set containing only lists whose length is ntl, rere such that list(o ae Oe 
o * isa member: of the set if and only if oe: vee oA y= Carer ' Putting the 
valve. first is a matter of convenience. - it a ‘eaay te meke definitions such as: 

Parfun3(Sa] # (Vix(x € Sa > s4{x}) A inca © Sa; > y’ € Sa > ‘sar (x) = 

edr{[y}2x-#:¥)) ode 

Totfun3[Sa] = (Parfun3[Sa] A Vx 83[x] > dyly*x € Sa) 


Parfun and Totfun are secend order predicetes. Obvioysty, one can continue 
to make specific definitions of functions and predicates having such and such 
numeric or symbolic arguments and values. ie — 

‘There are second order functions or ‘functionals which process first 
order functions and might. be called combinaters. of first order functions. 
These are abstract, rather than procedural. operations | and do not correspond 
to recursive processes, necessarily. For. xample,: given the unary partial — 
functions Bye, and Po there is the partial fungtion. @of0, (8)... , Ehe-sacond. . 
order function ComposelSe: Sb) has this. composition function. as its value. It 
is trivial to prove: 
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Parfun1 [Sa] > Parfun1[Sb] > a Se(parfun1 [Sc] A ¥xVy(list[x, y] €. Se 2 
dz(list[z, y] € Sa A list[x, 2] € Sb))) 


Using Rule PF, we define this unique Sc to be Compose[Sa, Sb]. 

Corresponding to any procedure for computing a first order partial 
recursive function, is the set which is the function it computes. We can call 
this the extension of the procedure. Trivially: 


a Saty(y € Sa = dzawdn(applyk[x, z,n] = list{w] 4 y = w*z)) 


Using Rule F, we define this unique Sa to be Extension([x]. 

It is possible to define an ordinary first order recursive function 
pcompose such that if x and y are s-expression translations of procedures for 
unary partial recursive functions, pcompose[x, y} will be a procedure for 
computing the composition of the two functions, Then for any such x and y 
the following identity holds: 


Extension[pcompose[x, y]] = Compose[Extension[x], Extension[y]] 
It is even possible to define an abstract Apply by: 
a yly*x € Sa) > Apply[Sa, x}*x € Sa Rule PF 


This second order function applies any function (represented by a sét) to its 
list of arguments, and produces a value (abstractly). The evaluation of a 
partial recursive function by an interpreter coincides with a special case of 


this in the sense that: 
dn(applyk[x, y, n] = list{z]) > Apply[Extension{x Ly] =z 


The purpose of this discussion has been to show that a much larger 
number of situations can be discussed very precisely in second order arith- 
metic than in first order, This is done at the expense of making the dis- 
cussion abstract, in that the entities being discussed are no longer construct- 
able. It seems as though any mathematical discussion cannot realistically 
be kept at the first order level. When we want to go beyond the second level, 
we can either explicitly formulate third order and fourth order arithmetic, 
etc., or we can go into axiomatic set theory. 


Problem Set 35 


1. Show that there are formulas of first order logic that are not prov- 
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able in first order logic, but are provable in second order logic. 

2. Prove that second order logic is incomplete. 

3. Define the functions Union, Inte¥section' xnd Complement (with “~ 
respect to the set’of s-expreesions).~ ‘Union; for ‘example, Asa‘ fiiriction of 
two arguments which afe sets, and the valée ts ‘thé Set Whteh is their unton. 

4, What is an impredicative sehinition? § ‘How does the axioni scheéria 
COMP avoid impredicative definitions? '° "2 tec ere e- 


§15,2 Axiomatic Set:-Thoery™’ 
| There are basically two styles ‘of axiomatic set theory. Zermelo- . 
Fraenkel (ZF) set theory is a theory about sets only, | while von Neumann- - 


Pavers 


Bernays-Gddel (NBG) aet ‘theory is a “th ry about sets and classes, which | 
are universal objects’ that are too big to ‘pe called sets. ‘2¥F has axiom : 
schemas giving rise to infinitely many  individaal | ‘axioms, “while NBG is finitely 
axiomatized, For the reader wishing an introduction to set theory, 
{Shoenfield, Chapter 9] discusses ZF, and [Mendelson, Chapter 4] discusses 
NBG. _ Set theory is discussed informally, that is, without reference to an 
axiomatization in first order logic, in [Halmos]. 

Two of the important concepts developed in set theory are cardinality, 
and ordinality. We are using the concept of cardinality when we investigate 
second order arithmetic and mention higher arithmetic. One of the principles 
of set theory is that, given any set, there is the set of all subsets of that set 
(known as the power set) which is of higher cardinality than the original set. 
So when set theory axioms are added to arithmetic, we automatically get sets 
of s-expressions, sets of seta of s-expreasions, etc. Axiomatic set theory, 
as it is commonly presented, is abstract in that the only basis for construct- 
ing sets is the empty set. But it is easy to merge the axioms of set theory 
with an existing theory such as first order arithmetic. 

The other major concept of set theory is ordinality. We have hardly 
mentioned ordinal numbers in this book, yet the theory of ordinals enriches 
the study of recursive functions, and axiom systems at almost every level. 

There is a whole hierarchy of ordinal numbers even when we restrict 
ourselves to countable ordinals - those having the lowest infinite cardinality. 
The smallest transfinite ordinal is calledw, There is the sequence w, w+ 1, 
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w+2, ..., and an ordinal w.x 2 that is greater than any of these. There is 
the sequence Wx 2, WwX2+ 1, ..., and the ordinal.w xX 3 which is greater than 
these. The ordinal Wj is. greater than any ordinal in the sequence @ w *.2, 
wx 3, etc, All of thease and many more are. still countable. 

Ordinals are the natural mathematics): atrueture:for representing the 
idea of trsnucendence. For example, GUdel's theorem allows us to find a 
formula independent of a certain axiom system. Tis ‘oan be repested 25 
ad infinitum, but even after adding infinitely many. axioms, _ we can still find 
an independent formula, and after adding | sequences of sequences of new | 
axioms, we still find that we can obtain ¢ an independent formule, _ The 
unsuccessful effort to finally complete the axjom. system } leads naturally to 
_ Kleene's concept of a constructive ordinal, : 
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